Working on the admin interface

+ Implemented login token
+ Routing
+ Admin controller
+ Login Page
* Updated `.env` example
This commit is contained in:
Daniel Legt 2022-06-02 23:53:32 +03:00
parent 662dad90b7
commit d949b3decb
6 changed files with 164 additions and 1 deletions

View File

@ -22,3 +22,7 @@ CLEANUP_MAX_AGE=43200 # Default is a month
# Maximum pad file lenght, this is in characters, a character is one byte. # Maximum pad file lenght, this is in characters, a character is one byte.
# Default: 524288 ( 500kb ) # Default: 524288 ( 500kb )
MAXIMUM_PAD_SIZE=524288 MAXIMUM_PAD_SIZE=524288
# Your admin access token
# If the value is not defined the admin interface will not be available
# ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN

View File

@ -0,0 +1,19 @@
package controllers
import (
"fmt"
"github.com/gin-gonic/gin"
)
func AdminMiddleware(router *gin.RouterGroup) {
// Handl
router.Use(func(ctx *gin.Context) {
// Check which route we are accessing
fmt.Println(`Accesing: `, ctx.Request.RequestURI)
})
}

View File

@ -72,3 +72,18 @@ func GetCacheMapLimit() int {
return rez return rez
} }
// Get the admin token used to authenticate as an admin
func GetAdminToken() string {
// Get the admin login from the environment
adminToken, exists := os.LookupEnv("ADMIN_TOKEN")
// Check if the admin token was defined
if !exists {
// The admin token was not defined, disable admin logins
return ""
}
// Return the admin token
return adminToken
}

View File

@ -0,0 +1,80 @@
package routes
import (
"encoding/hex"
"fmt"
"net/http"
"github.com/JustKato/FreePad/lib/controllers"
"github.com/JustKato/FreePad/lib/helper"
"github.com/gin-gonic/gin"
"crypto/sha512"
)
var adminLoginToken string = ""
func AdminRoutes(router *gin.RouterGroup) {
adminLoginToken = helper.GetAdminToken()
// Apply the admin middleware for identification
controllers.AdminMiddleware(router)
// Admin login route
router.GET("/login", func(ctx *gin.Context) {
ctx.HTML(200, "admin_login.html", gin.H{
"title": "Login Login",
"domain_base": helper.GetDomainBase(),
})
})
router.POST("/login", func(ctx *gin.Context) {
// Get the value of the admin token
adminToken := ctx.PostForm("admin-token")
// Check if the input admin token matches our admin token
if adminLoginToken != "" && adminLoginToken == adminToken {
sha512Hasher := sha512.New()
sha512Hasher.Write([]byte(adminToken))
// Set the cookie to be an admin
hashHexToken := sha512Hasher.Sum(nil)
hashToken := hex.EncodeToString(hashHexToken)
fmt.Println(hashToken)
// Set the cookie
ctx.SetCookie("admin_token", hashToken, 60*60, "/", helper.GetDomainBase(), true, true)
ctx.Request.Method = "GET"
// Redirect the user to the admin page
ctx.Redirect(http.StatusTemporaryRedirect, "/admin")
return
} else {
ctx.Request.Method = "GET"
// Redirect the user to the admin page
ctx.Redirect(http.StatusTemporaryRedirect, "/admin/login?fail")
return
}
})
// Admin view route
router.GET("/", func(ctx *gin.Context) {
adminToken, err := ctx.Cookie("admin_token")
if err != nil {
adminToken = ""
}
ctx.JSON(200, gin.H{
`adminToken`: adminToken,
})
})
}

View File

@ -46,6 +46,9 @@ func main() {
// Implement the rate limiter // Implement the rate limiter
controllers.DoRateLimit(router) controllers.DoRateLimit(router)
// Admin Routing
routes.AdminRoutes(router.Group("/admin"))
// Add Routes // Add Routes
routes.HomeRoutes(router) routes.HomeRoutes(router)

View File

@ -0,0 +1,42 @@
{{ template "inc/header.html" .}}
<body>
<main id="main-card" class="container rounded mt-5 shadow-sm">
<div class="p-3">
<a href="/" class="logo-container w-100 d-flex mb-4">
<img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
</a>
<div class="form-group my-4">
<form class="search-action input-group" method="post" action="/admin/login">
<input autocomplete="off" type="password" class="form-control form-control-lg" name="admin-token" placeholder="Your Admin token" aria-label="Your Admin token" aria-describedby="admin-token-button" id="admin-token">
<button class="btn btn-primary" type="submit" id="admin-token-button">
<svg xmlns="http://www.w3.org/2000/svg" width="24 " height="24 " fill="currentColor" class="bi bi-box-arrow-in-right" viewBox="0 0 16 16">
<path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
<path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
</svg>
</button>
</form>
<small class="text-muted">Access the admin interface for FreePad, this can only be done through the Admin Token.</small>
</div>
</div>
<footer class="text-muted py-5 border-top text-center">
<p class="mb-1">
FreePad by <a href="https://justkato.me/">©Kato Twofold</a>
</p>
<p class="mb-0">
FreePad is freely available over on our <a href="https://github.com/JustKato/FreePad">GitHub</a>
</p>
</footer>
</main>
{{ template "inc/theme-toggle.html" .}}
</body>
{{ template "inc/footer.html" .}}