Working on the admin interface

+ Implemented login token
+ Routing
+ Admin controller
+ Login Page
* Updated `.env` example

.env.example

@@ -22,3 +22,7 @@ CLEANUP_MAX_AGE=43200 # Default is a month
 # Maximum pad file lenght, this is in characters, a character is one byte.
 # Default: 524288 ( 500kb )
 MAXIMUM_PAD_SIZE=524288
+
+# Your admin access token
+# If the value is not defined the admin interface will not be available
+# ADMIN_TOKEN=SUPER_SECRET_ADMIN_TOKEN

Dockerfile

@@ -1,9 +1,27 @@
-FROM alpine
+# Importing golang 1.18 to use as a builder for our source
+FROM golang:1.18 as builder
+
+# Use the /src directory as a workdir
+WORKDIR /src
+
+# Copy the src to /src
+COPY . ./
+
+# Download dependencies
+RUN go mod download
+
+# Build the executable
+RUN CGO_ENABLED=0 go build -a -installsuffix cgo -o freepad .
+
+# Import alpine linux as a base
+FROM scratch
 
 LABEL version="1.4.0"
 
-# Copy the distribution files
+# Copy the files from the builder to the new image
-COPY ./dist /app
+COPY --from=builder /src/freepad /app/freepad
+COPY --from=builder /src/templates /app/templates
+COPY --from=builder /src/static /app/static
 
 # Make /app the work directory
 WORKDIR /app

docker-compose.example.yaml

@@ -3,13 +3,13 @@ version: '3'
 services:
   freepad:
     # Uncomment the bellow to use the production docker image from the docker repository
-    # image: 
+    image: justkato/freepad
     # Comment the build line if you are just looking to use a docker-compose file
-    build: .
+    # build: .
     # I don't recommend changing the 8080 as there would be no reason to,
     # simply change the 3113 port to anything you would like for the container to listen on
     ports:
-      - 3113:8080
+      - 8080:8080
     # This will read from your .env variables, in that file you will find the documentation as well
     environment:
       - DOMAIN_BASE

lib/controllers/controllers_admin.go

@@ -0,0 +1,19 @@
+package controllers
+
+import (
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AdminMiddleware(router *gin.RouterGroup) {
+
+	// Handl
+	router.Use(func(ctx *gin.Context) {
+
+		// Check which route we are accessing
+		fmt.Println(`Accesing: `, ctx.Request.RequestURI)
+
+	})
+
+}

lib/helper/helper_main.go

@@ -72,3 +72,18 @@ func GetCacheMapLimit() int {
 
 	return rez
 }
+
+// Get the admin token used to authenticate as an admin
+func GetAdminToken() string {
+	// Get the admin login from the environment
+	adminToken, exists := os.LookupEnv("ADMIN_TOKEN")
+
+	// Check if the admin token was defined
+	if !exists {
+		// The admin token was not defined, disable admin logins
+		return ""
+	}
+
+	// Return the admin token
+	return adminToken
+}

lib/routes/routes_admin.go

@@ -0,0 +1,80 @@
+package routes
+
+import (
+	"encoding/hex"
+	"fmt"
+	"net/http"
+
+	"github.com/JustKato/FreePad/lib/controllers"
+	"github.com/JustKato/FreePad/lib/helper"
+	"github.com/gin-gonic/gin"
+
+	"crypto/sha512"
+)
+
+var adminLoginToken string = ""
+
+func AdminRoutes(router *gin.RouterGroup) {
+
+	adminLoginToken = helper.GetAdminToken()
+
+	// Apply the admin middleware for identification
+	controllers.AdminMiddleware(router)
+
+	// Admin login route
+	router.GET("/login", func(ctx *gin.Context) {
+		ctx.HTML(200, "admin_login.html", gin.H{
+			"title":       "Login Login",
+			"domain_base": helper.GetDomainBase(),
+		})
+	})
+
+	router.POST("/login", func(ctx *gin.Context) {
+
+		// Get the value of the admin token
+		adminToken := ctx.PostForm("admin-token")
+
+		// Check if the input admin token matches our admin token
+		if adminLoginToken != "" && adminLoginToken == adminToken {
+
+			sha512Hasher := sha512.New()
+			sha512Hasher.Write([]byte(adminToken))
+
+			// Set the cookie to be an admin
+			hashHexToken := sha512Hasher.Sum(nil)
+			hashToken := hex.EncodeToString(hashHexToken)
+
+			fmt.Println(hashToken)
+
+			// Set the cookie
+			ctx.SetCookie("admin_token", hashToken, 60*60, "/", helper.GetDomainBase(), true, true)
+
+			ctx.Request.Method = "GET"
+
+			// Redirect the user to the admin page
+			ctx.Redirect(http.StatusTemporaryRedirect, "/admin")
+			return
+		} else {
+			ctx.Request.Method = "GET"
+
+			// Redirect the user to the admin page
+			ctx.Redirect(http.StatusTemporaryRedirect, "/admin/login?fail")
+			return
+		}
+
+	})
+
+	// Admin view route
+	router.GET("/", func(ctx *gin.Context) {
+
+		adminToken, err := ctx.Cookie("admin_token")
+		if err != nil {
+			adminToken = ""
+		}
+
+		ctx.JSON(200, gin.H{
+			`adminToken`: adminToken,
+		})
+	})
+
+}

main.go

@@ -46,6 +46,9 @@ func main() {
 	// Implement the rate limiter
 	controllers.DoRateLimit(router)
 
+	// Admin Routing
+	routes.AdminRoutes(router.Group("/admin"))
+
 	// Add Routes
 	routes.HomeRoutes(router)
 

templates/pages/admin_login.html

@@ -0,0 +1,42 @@
+{{ template "inc/header.html" .}}
+
+<body>
+
+    <main id="main-card" class="container rounded mt-5 shadow-sm">
+        <div class="p-3">
+
+            <a href="/" class="logo-container w-100 d-flex mb-4">
+                <img src="/static/img/logo_transparent.png" alt="Logo" style="max-width: 50%; margin: 0 auto;" class="mx-auto">
+            </a>
+
+            <div class="form-group my-4">
+                <form class="search-action input-group" method="post" action="/admin/login">
+                    <input autocomplete="off" type="password" class="form-control form-control-lg" name="admin-token" placeholder="Your Admin token" aria-label="Your Admin token" aria-describedby="admin-token-button" id="admin-token">
+
+                    <button class="btn btn-primary" type="submit" id="admin-token-button">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="24 " height="24 " fill="currentColor" class="bi bi-box-arrow-in-right" viewBox="0 0 16 16">
+                            <path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
+                            <path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
+                        </svg>
+                    </button>
+
+                </form>
+                <small class="text-muted">Access the admin interface for FreePad, this can only be done through the Admin Token.</small>
+            </div>
+        </div>
+
+        <footer class="text-muted py-5 border-top text-center">
+            <p class="mb-1">
+                FreePad by <a href="https://justkato.me/">©Kato Twofold</a>
+            </p>
+            <p class="mb-0">
+                FreePad is freely available over on our <a href="https://github.com/JustKato/FreePad">GitHub</a>
+            </p>
+        </footer>
+
+    </main>
+
+    {{ template "inc/theme-toggle.html" .}}
+</body>
+
+{{ template "inc/footer.html" .}}