mirror of https://github.com/JustKato/FreePad.git
Working on the admin interface
+ Implemented login token + Routing + Admin controller + Login Page * Updated `.env` example
This commit is contained in:
parent
662dad90b7
commit
d949b3decb
|
@ -21,4 +21,8 @@ CLEANUP_MAX_AGE=43200 # Default is a month
|
||||||
|
|
||||||
# Maximum pad file lenght, this is in characters, a character is one byte.
|
# Maximum pad file lenght, this is in characters, a character is one byte.
|
||||||
# Default: 524288 ( 500kb )
|
# Default: 524288 ( 500kb )
|
||||||
MAXIMUM_PAD_SIZE=524288
|
MAXIMUM_PAD_SIZE=524288
|
||||||
|
|
||||||
|
# Your admin access token
|
||||||
|
# If the value is not defined the admin interface will not be available
|
||||||
|
# ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN
|
|
@ -0,0 +1,19 @@
|
||||||
|
package controllers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
func AdminMiddleware(router *gin.RouterGroup) {
|
||||||
|
|
||||||
|
// Handl
|
||||||
|
router.Use(func(ctx *gin.Context) {
|
||||||
|
|
||||||
|
// Check which route we are accessing
|
||||||
|
fmt.Println(`Accesing: `, ctx.Request.RequestURI)
|
||||||
|
|
||||||
|
})
|
||||||
|
|
||||||
|
}
|
|
@ -72,3 +72,18 @@ func GetCacheMapLimit() int {
|
||||||
|
|
||||||
return rez
|
return rez
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get the admin token used to authenticate as an admin
|
||||||
|
func GetAdminToken() string {
|
||||||
|
// Get the admin login from the environment
|
||||||
|
adminToken, exists := os.LookupEnv("ADMIN_TOKEN")
|
||||||
|
|
||||||
|
// Check if the admin token was defined
|
||||||
|
if !exists {
|
||||||
|
// The admin token was not defined, disable admin logins
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return the admin token
|
||||||
|
return adminToken
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,80 @@
|
||||||
|
package routes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/JustKato/FreePad/lib/controllers"
|
||||||
|
"github.com/JustKato/FreePad/lib/helper"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
|
||||||
|
"crypto/sha512"
|
||||||
|
)
|
||||||
|
|
||||||
|
var adminLoginToken string = ""
|
||||||
|
|
||||||
|
func AdminRoutes(router *gin.RouterGroup) {
|
||||||
|
|
||||||
|
adminLoginToken = helper.GetAdminToken()
|
||||||
|
|
||||||
|
// Apply the admin middleware for identification
|
||||||
|
controllers.AdminMiddleware(router)
|
||||||
|
|
||||||
|
// Admin login route
|
||||||
|
router.GET("/login", func(ctx *gin.Context) {
|
||||||
|
ctx.HTML(200, "admin_login.html", gin.H{
|
||||||
|
"title": "Login Login",
|
||||||
|
"domain_base": helper.GetDomainBase(),
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
router.POST("/login", func(ctx *gin.Context) {
|
||||||
|
|
||||||
|
// Get the value of the admin token
|
||||||
|
adminToken := ctx.PostForm("admin-token")
|
||||||
|
|
||||||
|
// Check if the input admin token matches our admin token
|
||||||
|
if adminLoginToken != "" && adminLoginToken == adminToken {
|
||||||
|
|
||||||
|
sha512Hasher := sha512.New()
|
||||||
|
sha512Hasher.Write([]byte(adminToken))
|
||||||
|
|
||||||
|
// Set the cookie to be an admin
|
||||||
|
hashHexToken := sha512Hasher.Sum(nil)
|
||||||
|
hashToken := hex.EncodeToString(hashHexToken)
|
||||||
|
|
||||||
|
fmt.Println(hashToken)
|
||||||
|
|
||||||
|
// Set the cookie
|
||||||
|
ctx.SetCookie("admin_token", hashToken, 60*60, "/", helper.GetDomainBase(), true, true)
|
||||||
|
|
||||||
|
ctx.Request.Method = "GET"
|
||||||
|
|
||||||
|
// Redirect the user to the admin page
|
||||||
|
ctx.Redirect(http.StatusTemporaryRedirect, "/admin")
|
||||||
|
return
|
||||||
|
} else {
|
||||||
|
ctx.Request.Method = "GET"
|
||||||
|
|
||||||
|
// Redirect the user to the admin page
|
||||||
|
ctx.Redirect(http.StatusTemporaryRedirect, "/admin/login?fail")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
})
|
||||||
|
|
||||||
|
// Admin view route
|
||||||
|
router.GET("/", func(ctx *gin.Context) {
|
||||||
|
|
||||||
|
adminToken, err := ctx.Cookie("admin_token")
|
||||||
|
if err != nil {
|
||||||
|
adminToken = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.JSON(200, gin.H{
|
||||||
|
`adminToken`: adminToken,
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
}
|
3
main.go
3
main.go
|
@ -46,6 +46,9 @@ func main() {
|
||||||
// Implement the rate limiter
|
// Implement the rate limiter
|
||||||
controllers.DoRateLimit(router)
|
controllers.DoRateLimit(router)
|
||||||
|
|
||||||
|
// Admin Routing
|
||||||
|
routes.AdminRoutes(router.Group("/admin"))
|
||||||
|
|
||||||
// Add Routes
|
// Add Routes
|
||||||
routes.HomeRoutes(router)
|
routes.HomeRoutes(router)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
{{ template "inc/header.html" .}}
|
||||||
|
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<main id="main-card" class="container rounded mt-5 shadow-sm">
|
||||||
|
<div class="p-3">
|
||||||
|
|
||||||
|
<a href="/" class="logo-container w-100 d-flex mb-4">
|
||||||
|
<img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
|
||||||
|
</a>
|
||||||
|
|
||||||
|
<div class="form-group my-4">
|
||||||
|
<form class="search-action input-group" method="post" action="/admin/login">
|
||||||
|
<input autocomplete="off" type="password" class="form-control form-control-lg" name="admin-token" placeholder="Your Admin token" aria-label="Your Admin token" aria-describedby="admin-token-button" id="admin-token">
|
||||||
|
|
||||||
|
<button class="btn btn-primary" type="submit" id="admin-token-button">
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" width="24 " height="24 " fill="currentColor" class="bi bi-box-arrow-in-right" viewBox="0 0 16 16">
|
||||||
|
<path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
|
||||||
|
<path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
|
||||||
|
</svg>
|
||||||
|
</button>
|
||||||
|
|
||||||
|
</form>
|
||||||
|
<small class="text-muted">Access the admin interface for FreePad, this can only be done through the Admin Token.</small>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<footer class="text-muted py-5 border-top text-center">
|
||||||
|
<p class="mb-1">
|
||||||
|
FreePad by <a href="https://justkato.me/">©Kato Twofold</a>
|
||||||
|
</p>
|
||||||
|
<p class="mb-0">
|
||||||
|
FreePad is freely available over on our <a href="https://github.com/JustKato/FreePad">GitHub</a>
|
||||||
|
</p>
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</main>
|
||||||
|
|
||||||
|
{{ template "inc/theme-toggle.html" .}}
|
||||||
|
</body>
|
||||||
|
|
||||||
|
{{ template "inc/footer.html" .}}
|
Loading…
Reference in New Issue