mirror of https://github.com/JustKato/FreePad.git
Working on the admin interface
+ Implemented login token + Routing + Admin controller + Login Page * Updated `.env` example
parent
662dad90b7
commit
d949b3decb
|
@ -22,3 +22,7 @@ CLEANUP_MAX_AGE=43200 # Default is a month
|
|||
# Maximum pad file lenght, this is in characters, a character is one byte.
|
||||
# Default: 524288 ( 500kb )
|
||||
MAXIMUM_PAD_SIZE=524288
|
||||
|
||||
# Your admin access token
|
||||
# If the value is not defined the admin interface will not be available
|
||||
# ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN
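Review bot: The commented example `ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN` is the only guidance for what becomes the sole admin credential, and a placeholder like this tends to get uncommented unchanged. I would add a line above it such as `# Use a long random value, e.g. the output of "openssl rand -hex 32"; never keep the placeholder below.` so operators know what kind of value is expected.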
|
|
@ -0,0 +1,19 @@
|
|||
package controllers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func AdminMiddleware(router *gin.RouterGroup) {
|
||||
|
||||
// Handl
|
||||
router.Use(func(ctx *gin.Context) {
|
||||
|
||||
// Check which route we are accessing
|
||||
fmt.Println(`Accesing: `, ctx.Request.RequestURI)
|
||||
|
||||
})
|
||||
|
||||
}
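Review bot: The callback passed to `router.Use` only prints the request URI and never inspects the `admin_token` cookie, so every route in the admin group is served to unauthenticated clients. This may be intentional for a work-in-progress commit, but nothing in the new file marks it as such. The callback should reject requests without a valid session using `ctx.AbortWithStatus(http.StatusUnauthorized)` and let only the login path through, because `AdminRoutes` installs the middleware before it registers `/login`. The sketch below needs `net/http` and `strings` imported and relies on a session check that does not exist yet. The leftover `// Handl` comment and the `Accesing` typo are worth fixing in the same pass.

```go
router.Use(func(ctx *gin.Context) {
	// … unchanged: request logging …

	// The login page has to stay reachable without a session.
	if strings.HasSuffix(ctx.FullPath(), "/login") {
		ctx.Next()
		return
	}

	cookie, err := ctx.Cookie("admin_token")
	// sessionIsValid is a helper still to be written: a constant-time check of the
	// cookie against the value issued at login, false when ADMIN_TOKEN is unset.
	if err != nil || !sessionIsValid(cookie) {
		ctx.AbortWithStatus(http.StatusUnauthorized)
		return
	}
	ctx.Next()
})
```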
|
|
@ -72,3 +72,18 @@ func GetCacheMapLimit() int {
|
|||
|
||||
return rez
|
||||
}
|
||||
|
||||
// Get the admin token used to authenticate as an admin
|
||||
func GetAdminToken() string {
|
||||
// Get the admin login from the environment
|
||||
adminToken, exists := os.LookupEnv("ADMIN_TOKEN")
|
||||
|
||||
// Check if the admin token was defined
|
||||
if !exists {
|
||||
// The admin token was not defined, disable admin logins
|
||||
return ""
|
||||
}
|
||||
|
||||
// Return the admin token
|
||||
return adminToken
|
||||
}
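Review bot: `GetAdminToken` returns the environment value verbatim, so a value consisting only of whitespace counts as a configured token and enables admin login with that same whitespace. Trimming before returning, `return strings.TrimSpace(adminToken)`, keeps a stray blank in the configuration from becoming a credential, and a minimum-length check at startup would go further. The doc comment should follow Go convention and state the contract, e.g. `// GetAdminToken returns the ADMIN_TOKEN environment value, or "" when it is unset; callers treat "" as admin login disabled.` Whether `strings` is already imported in this file is not visible from the hunk.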
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
package routes
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/JustKato/FreePad/lib/controllers"
|
||||
"github.com/JustKato/FreePad/lib/helper"
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
"crypto/sha512"
|
||||
)
|
||||
|
||||
var adminLoginToken string = ""
|
||||
|
||||
func AdminRoutes(router *gin.RouterGroup) {
|
||||
|
||||
adminLoginToken = helper.GetAdminToken()
|
||||
|
||||
// Apply the admin middleware for identification
|
||||
controllers.AdminMiddleware(router)
|
||||
|
||||
// Admin login route
|
||||
router.GET("/login", func(ctx *gin.Context) {
|
||||
ctx.HTML(200, "admin_login.html", gin.H{
|
||||
"title": "Login Login",
|
||||
"domain_base": helper.GetDomainBase(),
|
||||
})
|
||||
})
|
||||
|
||||
router.POST("/login", func(ctx *gin.Context) {
|
||||
|
||||
// Get the value of the admin token
|
||||
adminToken := ctx.PostForm("admin-token")
|
||||
|
||||
// Check if the input admin token matches our admin token
|
||||
if adminLoginToken != "" && adminLoginToken == adminToken {
|
||||
|
||||
sha512Hasher := sha512.New()
|
||||
sha512Hasher.Write([]byte(adminToken))
|
||||
|
||||
// Set the cookie to be an admin
|
||||
hashHexToken := sha512Hasher.Sum(nil)
|
||||
hashToken := hex.EncodeToString(hashHexToken)
|
||||
|
||||
fmt.Println(hashToken)
|
||||
|
||||
// Set the cookie
|
||||
ctx.SetCookie("admin_token", hashToken, 60*60, "/", helper.GetDomainBase(), true, true)
|
||||
|
||||
ctx.Request.Method = "GET"
|
||||
|
||||
// Redirect the user to the admin page
|
||||
ctx.Redirect(http.StatusTemporaryRedirect, "/admin")
|
||||
return
|
||||
} else {
|
||||
ctx.Request.Method = "GET"
|
||||
|
||||
// Redirect the user to the admin page
|
||||
ctx.Redirect(http.StatusTemporaryRedirect, "/admin/login?fail")
|
||||
return
|
||||
}
|
||||
|
||||
})
|
||||
|
||||
// Admin view route
|
||||
router.GET("/", func(ctx *gin.Context) {
|
||||
|
||||
adminToken, err := ctx.Cookie("admin_token")
|
||||
if err != nil {
|
||||
adminToken = ""
|
||||
}
|
||||
|
||||
ctx.JSON(200, gin.H{
|
||||
`adminToken`: adminToken,
|
||||
})
|
||||
})
|
||||
|
||||
}
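Review bot: The POST `/login` handler sets the `admin_token` cookie to an unsalted SHA-512 of the admin token and prints that value with `fmt.Println(hashToken)`, so the session credential is identical for every login, cannot be revoked without changing `ADMIN_TOKEN`, and ends up in the process output where anyone with log access can read it. The comparison `adminLoginToken == adminToken` is not constant-time, and both redirects use `http.StatusTemporaryRedirect`, which makes the browser repeat the POST with the token in the body (assigning `ctx.Request.Method` only changes the server-side request object); `http.StatusSeeOther` gives the intended GET. The sketch below issues a random session id instead and needs `crypto/rand` and `crypto/subtle` imported, plus a server-side store that the GET `/` handler checks rather than echoing the cookie back as it does now.

```go
router.POST("/login", func(ctx *gin.Context) {
	adminToken := ctx.PostForm("admin-token")

	// Compare fixed-length digests in constant time; an unset ADMIN_TOKEN never matches.
	want := sha512.Sum512([]byte(adminLoginToken))
	got := sha512.Sum512([]byte(adminToken))
	if adminLoginToken == "" || subtle.ConstantTimeCompare(want[:], got[:]) != 1 {
		// 303 makes the browser follow up with GET instead of re-sending the form.
		ctx.Redirect(http.StatusSeeOther, "/admin/login?fail")
		return
	}

	// Random per-login session id, not derived from the token and never logged.
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		ctx.AbortWithStatus(http.StatusInternalServerError)
		return
	}
	sessionID := hex.EncodeToString(raw)
	// … store sessionID server-side with its expiry so the admin routes can verify it …

	ctx.SetSameSite(http.SameSiteStrictMode)
	ctx.SetCookie("admin_token", sessionID, 60*60, "/", helper.GetDomainBase(), true, true)
	ctx.Redirect(http.StatusSeeOther, "/admin")
})
```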
|
3
main.go
3
main.go
|
@ -46,6 +46,9 @@ func main() {
|
|||
// Implement the rate limiter
|
||||
controllers.DoRateLimit(router)
|
||||
|
||||
// Admin Routing
|
||||
routes.AdminRoutes(router.Group("/admin"))
|
||||
|
||||
// Add Routes
|
||||
routes.HomeRoutes(router)
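Review bot: `routes.AdminRoutes(router.Group("/admin"))` is registered unconditionally, while the `.env` example in this commit promises that the admin interface is unavailable when `ADMIN_TOKEN` is not defined. Guarding the registration, `if helper.GetAdminToken() != "" { routes.AdminRoutes(router.Group("/admin")) }`, keeps the login page and the admin endpoints off the router entirely on deployments that never set a token. This assumes the `helper` package is, or can be, imported in main.go; `main` starts and ends outside the hunk.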
|
||||
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
{{ template "inc/header.html" .}}
|
||||
|
||||
<body>
|
||||
|
||||
<main id="main-card" class="container rounded mt-5 shadow-sm">
|
||||
<div class="p-3">
|
||||
|
||||
<a href="/" class="logo-container w-100 d-flex mb-4">
|
||||
<img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
|
||||
</a>
|
||||
|
||||
<div class="form-group my-4">
|
||||
<form class="search-action input-group" method="post" action="/admin/login">
|
||||
<input autocomplete="off" type="password" class="form-control form-control-lg" name="admin-token" placeholder="Your Admin token" aria-label="Your Admin token" aria-describedby="admin-token-button" id="admin-token">
|
||||
|
||||
<button class="btn btn-primary" type="submit" id="admin-token-button">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="24 " height="24 " fill="currentColor" class="bi bi-box-arrow-in-right" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
|
||||
<path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
|
||||
</svg>
|
||||
</button>
|
||||
|
||||
</form>
|
||||
<small class="text-muted">Access the admin interface for FreePad, this can only be done through the Admin Token.</small>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<footer class="text-muted py-5 border-top text-center">
|
||||
<p class="mb-1">
|
||||
FreePad by <a href="https://justkato.me/">©Kato Twofold</a>
|
||||
</p>
|
||||
<p class="mb-0">
|
||||
FreePad is freely available over on our <a href="https://github.com/JustKato/FreePad">GitHub</a>
|
||||
</p>
|
||||
</footer>
|
||||
|
||||
</main>
|
||||
|
||||
{{ template "inc/theme-toggle.html" .}}
|
||||
</body>
|
||||
|
||||
{{ template "inc/footer.html" .}}
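Review bot: The token field sets `autocomplete="off"`, which browsers commonly ignore on password inputs and which works against keeping a long random token in a password manager; `autocomplete="current-password"` is the better fit. The form also has no branch for the `?fail` query that the login handler redirects to, so a rejected token gives the user no feedback.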
|