From 88784363a6b0e7d0d58d0e57a816fbedd9f8a60a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Wed, 19 Jan 2022 21:45:53 +0100 Subject: [PATCH 1/4] Add users and auth --- auth.go | 61 +++++++++++++++++++++++++++++++++++ auth_test.go | 39 +++++++++++++++++++++++ go.mod | 4 +++ go.sum | 13 ++++++++ user.go | 27 ++++++++++++++++ user_test.go | 37 +++++++++++++++++++++ userstore_bolt.go | 69 ++++++++++++++++++++++++++++++++++++++++ userstore_bolt_test.go | 27 ++++++++++++++++ userstore_memory.go | 39 +++++++++++++++++++++++ userstore_memory_test.go | 15 +++++++++ userstore_test.go | 41 ++++++++++++++++++++++++ 11 files changed, 372 insertions(+) create mode 100644 auth.go create mode 100644 auth_test.go create mode 100644 user.go create mode 100644 user_test.go create mode 100644 userstore_bolt.go create mode 100644 userstore_bolt_test.go create mode 100644 userstore_memory.go create mode 100644 userstore_memory_test.go create mode 100644 userstore_test.go diff --git a/auth.go b/auth.go new file mode 100644 index 0000000..cfd753f --- /dev/null +++ b/auth.go 
@@ -0,0 +1,61 @@
+package gpaste
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/golang-jwt/jwt"
+ "github.com/google/uuid"
+)
+
+type AuthService struct {
+ users UserStore
+ hmacSecret []byte
+}
+
+func NewAuthService(store UserStore, signingSecret []byte) *AuthService {
+ return &AuthService{users: store, hmacSecret: signingSecret}
+}
+
+func (as *AuthService) Login(username, password string) (string, error) {
+ user, err := as.users.Get(username)
+ if err != nil {
+ return "", err
+ }
+
+ if err := user.ValidatePassword(password); err != nil {
+ return "", err
+ }
+
+ // TODO: Set iss and aud
+ claims := jwt.StandardClaims{
+ Subject: user.Username,
+ ExpiresAt: time.Now().Add(7 * 24 * time.Hour).Unix(),
+ NotBefore: time.Now().Unix(),
+ IssuedAt: time.Now().Unix(),
+ Id: uuid.NewString(),
+ }
+
+ token := jwt.NewWithClaims(jwt.GetSigningMethod("HS256"), claims)
+ signed, err := token.SignedString(as.hmacSecret)
+ if err != nil {
+ return "", err
+ }
+
+ return signed, nil
+}
+
+func (as *AuthService) ValidateToken(rawToken string) error {
+ claims := &jwt.StandardClaims{}
+ token, err := jwt.ParseWithClaims(rawToken, claims, func(t *jwt.Token) (interface{}, error) {
+ return as.hmacSecret, nil
+ })
+ if err != nil {
+ return err
+ }
+ if !token.Valid {
+ return fmt.Errorf("invalid token")
+ }
+
+ return nil
+}
diff --git a/auth_test.go b/auth_test.go
new file mode 100644
index 0000000..0c98f7c
--- /dev/null
+++ b/auth_test.go
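Review bot: In auth.go, the key function passed to `jwt.ParseWithClaims` in `ValidateToken` returns `as.hmacSecret` without looking at `t.Method`, so the code itself does not restrict tokens to the HS256 that `Login` issues and relies on the library's key-type checks instead. Pin it in the callback: `if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"]) }`. `Login` also skips the bcrypt comparison when `users.Get` fails and passes the store's error through, so a caller who can see the error or the response time can likely tell an unknown username from a wrong password; one generic error for both cases would close that. `NewAuthService` accepts an empty `signingSecret`, which is worth rejecting there.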
@@ -0,0 +1,39 @@ +package gpaste_test + +import ( + "testing" + + "git.t-juice.club/torjus/gpaste" +) + +func TestAuth(t *testing.T) { + t.Run("Token", func(t *testing.T) { + us := gpaste.NewMemoryUserStore() + secret := []byte(randomString(16)) + as := gpaste.NewAuthService(us, secret) + + username := randomString(8) + password := randomString(16) + + user := &gpaste.User{Username: username} + if err := user.SetPassword(password); err != nil { + t.Fatalf("error setting user password: %s", err) + } + if err := us.Store(user); err != nil { + t.Fatalf("Error storing user: %s", err) + } + + token, err := as.Login(username, password) + if err != nil { + t.Fatalf("Error creating token: %s", err) + } + + if err := as.ValidateToken(token); err != nil { + t.Fatalf("Error validating token: %s", err) + } + invalidToken := `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDMyMjk3NjMsImp0aSI6ImUzNDk5NWI1LThiZmMtNDQyNy1iZDgxLWFmNmQ3OTRiYzM0YiIsImlhdCI6MTY0MjYyNDk2MywibmJmIjoxNjQyNjI0OTYzLCJzdWIiOiJYdE5Hemt5ZSJ9.VM6dkwSLaBv8cStkWRVVv9ADjdUrHGHrlB7GB7Ly7n8` + if err := as.ValidateToken(invalidToken); err == nil { + t.Fatalf("Invalid token passed validation") + } + }) +} diff --git a/go.mod b/go.mod index 6c30a0c..cad0232 100644 --- a/go.mod +++ b/go.mod @@ -7,10 +7,13 @@ require github.com/google/uuid v1.3.0 require github.com/go-chi/chi/v5 v5.0.7 require ( + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/google/go-cmp v0.5.6 github.com/pelletier/go-toml v1.9.4 github.com/urfave/cli/v2 v2.3.0 + go.etcd.io/bbolt v1.3.6 go.uber.org/zap v1.20.0 + golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce ) require ( @@ -18,4 +21,5 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.7.0 // indirect + golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect ) diff --git a/go.sum b/go.sum index 04ac49e..8d8abd7 100644 --- a/go.sum +++ b/go.sum 
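Review bot: The `invalidToken` literal in the "Token" subtest of auth_test.go carries an `exp` claim in its payload, so once that date has passed the final assertion can succeed on expiry alone and no longer shows that a token signed with a different secret is rejected. Sign a fresh token with a second `AuthService` built on another secret and assert that `as.ValidateToken` refuses it. Cases for `Login` with a wrong password and with an unknown user are missing as well.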
@@ -9,6 +9,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8= github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= @@ -33,6 +35,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= +go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
@@ -45,22 +49,31 @@ go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc= go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI= +golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys 
v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= diff --git a/user.go b/user.go new file mode 100644 index 0000000..ff91e44 --- /dev/null +++ b/user.go 
@@ -0,0 +1,27 @@ +package gpaste + +import "golang.org/x/crypto/bcrypt" + +type User struct { + Username string `json:"username"` + HashedPassword []byte `json:"hashed_password"` +} + +type UserStore interface { + Get(username string) (*User, error) + Store(user *User) error + Delete(username string) error +} + +func (u *User) ValidatePassword(password string) error { + return bcrypt.CompareHashAndPassword(u.HashedPassword, []byte(password)) +} + +func (u *User) SetPassword(password string) error { + hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return err + } + u.HashedPassword = hashed + return nil +} diff --git a/user_test.go b/user_test.go new file mode 100644 index 0000000..5855e68 --- /dev/null +++ b/user_test.go @@ -0,0 +1,37 @@ +package gpaste_test + +import ( + "math/rand" + "testing" + + "git.t-juice.club/torjus/gpaste" +) + +func TestUser(t *testing.T) { + t.Run("Password", func(t *testing.T) { + userMap := make(map[string]string) + for i := 0; i < 10; i++ { + userMap[randomString(8)] = randomString(16) + } + + for username, password := range userMap { + user := &gpaste.User{Username: username} + if err := user.SetPassword(password); err != nil { + t.Fatalf("Error setting password: %s", err) + } + if err := user.ValidatePassword(password); err != nil { + t.Fatalf("Error validating password: %s", err) + } + } + }) +} + +func randomString(length int) string { + const charset = "abcdefghijklmnopqrstabcdefghijklmnopqrstuvwxyz" + + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" + b := make([]byte, length) + for i := range b { + b[i] = charset[rand.Intn(len(charset))] + } + return string(b) +} diff --git a/userstore_bolt.go b/userstore_bolt.go new file mode 100644 index 0000000..c0c87e9 --- /dev/null +++ b/userstore_bolt.go 
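Review bot: `SetPassword` in user.go hands the password to `bcrypt.GenerateFromPassword` with no length check; bcrypt uses at most the first 72 bytes, so with this x/crypto version longer passwords are presumably truncated silently, and an empty password is hashed like any other. Reject both up front, e.g. `if len(password) == 0 || len(password) > 72 { return errors.New("password length out of range") }` (needs the `errors` import). `HashedPassword` is tagged `json:"hashed_password"`, which `BoltUserStore` relies on for persistence, so a comment on `User` stating that it must never be encoded into an API response would help. The exported types and methods in this file have no doc comments.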
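Review bot: `randomString` in user_test.go draws from a charset that repeats `abcdefghijklmnopqrst` and uses `math/rand` without seeding, so its output is biased and, depending on the Go version, may be identical on every run. That is fine for usernames, but auth_test.go also uses it to build the HMAC secret; a comment such as `// randomString is for test fixtures only; not suitable for secrets.` would keep it from being copied into production code. The charset was probably meant to contain `abcdefghijklmnopqrstuvwxyz` once.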
@@ -0,0 +1,69 @@
+package gpaste
+
+import (
+ "encoding/json"
+
+ "go.etcd.io/bbolt"
+)
+
+var keyUsers = []byte("users")
+
+type BoltUserStore struct {
+ db *bbolt.DB
+}
+
+func NewBoltUserStore(path string) (*BoltUserStore, error) {
+ db, err := bbolt.Open(path, 0666, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ if err := db.Update(func(tx *bbolt.Tx) error {
+ _, err := tx.CreateBucketIfNotExists(keyUsers)
+ return err
+ }); err != nil {
+ return nil, err
+ }
+
+ return &BoltUserStore{db: db}, nil
+}
+
+func (s *BoltUserStore) Close() error {
+ return s.db.Close()
+}
+
+func (s *BoltUserStore) Get(username string) (*User, error) {
+ var user User
+ err := s.db.View(func(tx *bbolt.Tx) error {
+ bkt := tx.Bucket(keyUsers)
+ rawUser := bkt.Get([]byte(username))
+ if err := json.Unmarshal(rawUser, &user); err != nil {
+ return err
+ }
+ return nil
+ })
+ if err != nil {
+ return nil, err
+ }
+ return &user, nil
+}
+
+func (s *BoltUserStore) Store(user *User) error {
+ return s.db.Update(func(tx *bbolt.Tx) error {
+ bkt := tx.Bucket(keyUsers)
+
+ data, err := json.Marshal(user)
+ if err != nil {
+ return err
+ }
+
+ return bkt.Put([]byte(user.Username), data)
+ })
+}
+
+func (s *BoltUserStore) Delete(username string) error {
+ return s.db.Update(func(tx *bbolt.Tx) error {
+ bkt := tx.Bucket(keyUsers)
+ return bkt.Delete([]byte(username))
+ })
+}
diff --git a/userstore_bolt_test.go b/userstore_bolt_test.go
new file mode 100644
index 0000000..4600443
--- /dev/null
+++ b/userstore_bolt_test.go
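Review bot: `NewBoltUserStore` in userstore_bolt.go opens the database with mode `0666`, so a newly created file holding usernames and bcrypt hashes is readable by other local users unless the process umask happens to strip that; use `bbolt.Open(path, 0600, nil)`. The handle is also leaked when the bucket-creating `db.Update` fails, so call `db.Close()` before that `return nil, err`. In `Get`, a missing key makes `bkt.Get` return nil and the caller sees a JSON decoding error rather than a not-found error; an explicit `if rawUser == nil { return fmt.Errorf("no such user") }` would make the two stores agree (needs the `fmt` import).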
@@ -0,0 +1,27 @@ +package gpaste_test + +import ( + "path/filepath" + "testing" + + "git.t-juice.club/torjus/gpaste" +) + +func TestBoltUserStore(t *testing.T) { + tmpDir := t.TempDir() + newFunc := func() (func(), gpaste.UserStore) { + tmpFile := filepath.Join(tmpDir, randomString(8)) + + store, err := gpaste.NewBoltUserStore(tmpFile) + if err != nil { + t.Fatalf("Error creating store: %s", err) + } + cleanup := func() { + store.Close() + } + return cleanup, store + } + + RunUserStoreTest(newFunc, t) + +} diff --git a/userstore_memory.go b/userstore_memory.go new file mode 100644 index 0000000..33811a0 --- /dev/null +++ b/userstore_memory.go @@ -0,0 +1,39 @@ +package gpaste + +import ( + "fmt" + "sync" +) + +type MemoryUserStore struct { + users map[string]*User + lock sync.Mutex +} + +func NewMemoryUserStore() *MemoryUserStore { + return &MemoryUserStore{users: make(map[string]*User)} +} +func (s *MemoryUserStore) Get(username string) (*User, error) { + s.lock.Lock() + defer s.lock.Unlock() + user, ok := s.users[username] + if !ok { + return nil, fmt.Errorf("no such user: %s", username) + } + + return user, nil +} + +func (s *MemoryUserStore) Store(user *User) error { + s.lock.Lock() + defer s.lock.Unlock() + s.users[user.Username] = user + return nil +} + +func (s *MemoryUserStore) Delete(username string) error { + s.lock.Lock() + defer s.lock.Unlock() + delete(s.users, username) + return nil +} diff --git a/userstore_memory_test.go b/userstore_memory_test.go new file mode 100644 index 0000000..f044e82 --- /dev/null +++ b/userstore_memory_test.go @@ -0,0 +1,15 @@ +package gpaste_test + +import ( + "testing" + + "git.t-juice.club/torjus/gpaste" +) + +func TestMemoryUserStore(t *testing.T) { + newFunc := func() (func(), gpaste.UserStore) { + return func() {}, gpaste.NewMemoryUserStore() + } + + RunUserStoreTest(newFunc, t) +} diff --git a/userstore_test.go b/userstore_test.go new file mode 100644 index 0000000..5b74d09 --- /dev/null +++ b/userstore_test.go 
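Review bot: `MemoryUserStore.Store` and `Get` in userstore_memory.go keep and hand out the caller's `*User`, so the mutex guards only the map and not the records: a later `SetPassword` on a pointer obtained from `Get` changes the stored user without the lock and without a `Store` call, unlike `BoltUserStore`, which returns a fresh value. Copy on both sides, e.g. `u := *user; s.users[u.Username] = &u` in `Store` and `u := *user; return &u, nil` in `Get`; the `HashedPassword` slice stays shared unless it is cloned too. The error `no such user: %s` echoes the supplied username, so check that it is never returned to HTTP clients verbatim.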
@@ -0,0 +1,41 @@ +package gpaste_test + +import ( + "testing" + + "git.t-juice.club/torjus/gpaste" +) + +func RunUserStoreTest(newFunc func() (func(), gpaste.UserStore), t *testing.T) { + t.Run("Basics", func(t *testing.T) { + cleanup, s := newFunc() + t.Cleanup(cleanup) + + userMap := make(map[string]string) + for i := 0; i < 10; i++ { + userMap[randomString(8)] = randomString(16) + } + + for k, v := range userMap { + user := &gpaste.User{ + Username: k, + } + if err := user.SetPassword(v); err != nil { + t.Fatalf("Error setting password: %s", err) + } + if err := s.Store(user); err != nil { + t.Fatalf("Error storing user: %s", err) + } + } + + for k, v := range userMap { + user, err := s.Get(k) + if err != nil { + t.Errorf("Error getting user: %s", err) + } + if err := user.ValidatePassword(v); err != nil { + t.Errorf("Error verifying password: %s", err) + } + } + }) +} -- 2.45.2 From e1ed7cce662a025d3b0de5db30ca3593f908af90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Wed, 19 Jan 2022 22:25:19 +0100 Subject: [PATCH 2/4] Add login endpoint --- http.go | 46 +++++++++++++++++++++++++++++++++++++++++----- http_test.go | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 5 deletions(-) diff --git a/http.go b/http.go index c699832..9acda18 100644 --- a/http.go +++ b/http.go @@ -13,7 +13,9 @@ import ( ) type HTTPServer struct { - store FileStore + Files FileStore + Users UserStore + Auth *AuthService config *ServerConfig Logger *zap.SugaredLogger AccessLogger *zap.SugaredLogger @@ -26,7 +28,9 @@ func NewHTTPServer(cfg *ServerConfig) *HTTPServer { Logger: zap.NewNop().Sugar(), AccessLogger: zap.NewNop().Sugar(), } - srv.store = NewMemoryFileStore() + srv.Files = NewMemoryFileStore() + srv.Users = NewMemoryUserStore() + srv.Auth = NewAuthService(srv.Users, []byte("test1235")) r := chi.NewRouter() r.Use(middleware.RealIP) 
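Review bot: In the second loop of `RunUserStoreTest` (userstore_test.go), a failing `s.Get(k)` is reported with `t.Errorf` and execution continues into `user.ValidatePassword(v)` with a nil `user`, which panics instead of failing cleanly. Use `t.Fatalf("Error getting user: %s", err)` there, or `continue` after the `Errorf`. The shared test never exercises `Delete` or a lookup of a missing user, which is where the behaviour of the two stores is most likely to diverge.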
@@ -35,6 +39,7 @@ func NewHTTPServer(cfg *ServerConfig) *HTTPServer { r.Get("/", srv.HandlerIndex) r.Post("/api/file", srv.HandlerAPIFilePost) r.Get("/api/file/{id}", srv.HandlerAPIFileGet) + r.Post("/api/login", srv.HandlerAPILogin) srv.Handler = r return srv @@ -57,7 +62,7 @@ func (s *HTTPServer) HandlerAPIFilePost(w http.ResponseWriter, r *http.Request) s.processMultiPartFormUpload(w, r) return } - err := s.store.Store(f) + err := s.Files.Store(f) if err != nil { w.WriteHeader(http.StatusInternalServerError) s.Logger.Warnw("Error storing file.", "req_id", reqID, "error", err, "id", f.ID, "remote_addr", r.RemoteAddr) @@ -87,7 +92,7 @@ func (s *HTTPServer) HandlerAPIFileGet(w http.ResponseWriter, r *http.Request) { return } - f, err := s.store.Get(id) + f, err := s.Files.Get(id) if err != nil { // TODO: LOG w.WriteHeader(http.StatusInternalServerError) @@ -126,7 +131,7 @@ func (s *HTTPServer) processMultiPartFormUpload(w http.ResponseWriter, r *http.R Body: ff, } - if err := s.store.Store(f); err != nil { + if err := s.Files.Store(f); err != nil { w.WriteHeader(http.StatusInternalServerError) s.Logger.Warnw("Error storing file.", "req_id", reqID, "error", err, "id", f.ID, "remote_addr", r.RemoteAddr) return 
@@ -143,3 +148,34 @@ func (s *HTTPServer) processMultiPartFormUpload(w http.ResponseWriter, r *http.R s.Logger.Warnw("Error encoding response to client.", "req_id", reqID, "error", err, "remote_addr", r.RemoteAddr) } } + +func (s *HTTPServer) HandlerAPILogin(w http.ResponseWriter, r *http.Request) { + reqID := middleware.GetReqID(r.Context()) + expectedRequest := struct { + Username string `json:"username"` + Password string `json:"password"` + }{} + decoder := json.NewDecoder(r.Body) + defer r.Body.Close() + if err := decoder.Decode(&expectedRequest); err != nil { + w.WriteHeader(http.StatusBadRequest) + return + } + + token, err := s.Auth.Login(expectedRequest.Username, expectedRequest.Password) + if err != nil { + w.WriteHeader(http.StatusUnauthorized) + return + } + + response := struct { + Token string `json:"token"` + }{ + Token: token, + } + + encoder := json.NewEncoder(w) + if err := encoder.Encode(&response); err != nil { + s.Logger.Infow("Error encoding json response to client.", "req_id", reqID, "error", err, "remote_addr", r.RemoteAddr) + } +} diff --git a/http_test.go b/http_test.go index cf99e23..8ecc89d 100644 --- a/http_test.go +++ b/http_test.go 
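Review bot: `HandlerAPILogin` decodes `r.Body` with no size limit and answers a failed login with 401 without logging anything, so oversized bodies are read in full and repeated failed attempts leave no trace in the server log. Cap the body before decoding with `r.Body = http.MaxBytesReader(w, r.Body, 1<<16)` and log the failure, e.g. `s.Logger.Infow("Login failed.", "req_id", reqID, "remote_addr", r.RemoteAddr)`, never the password. Nothing in this hunk throttles attempts per client or per account; if middleware elsewhere does not handle that, it is worth adding before the endpoint is exposed. The response is also written without a `Content-Type: application/json` header.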
@@ -96,4 +96,48 @@ func TestHandlers(t *testing.T) { } }) }) + t.Run("HandlerAPILogin", func(t *testing.T) { + // TODO: Add test + username := "admin" + password := "admin" + user := &gpaste.User{Username: username} + if err := user.SetPassword(password); err != nil { + t.Fatalf("Error setting user password: %s", err) + } + if err := hs.Users.Store(user); err != nil { + t.Fatalf("Error storing user: %s", err) + } + + requestData := struct { + Username string `json:"username"` + Password string `json:"password"` + }{ + Username: username, + Password: password, + } + + body := new(bytes.Buffer) + encoder := json.NewEncoder(body) + if err := encoder.Encode(&requestData); err != nil { + t.Fatalf("Error encoding request body: %s", err) + } + + rr := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, "/api/login", body) + + hs.Handler.ServeHTTP(rr, req) + + responseData := struct { + Token string `json:"token"` + }{} + + decoder := json.NewDecoder(rr.Body) + if err := decoder.Decode(&responseData); err != nil { + t.Fatalf("Error decoding response: %s", err) + } + + if err := hs.Auth.ValidateToken(responseData.Token); err != nil { + t.Fatalf("Unable to validate received token: %s", err) + } + }) } -- 2.45.2 From 5ffef4f6adf5021452a0acb55eef6824468ca13c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Wed, 19 Jan 2022 22:28:08 +0100 Subject: [PATCH 3/4] Add signing secret to config --- config.go | 13 +++++++++---- config_test.go | 26 +++++++++++++++----------- http.go | 2 +- http_test.go | 1 + 4 files changed, 26 insertions(+), 16 deletions(-) diff --git a/config.go b/config.go index e685261..1db0688 100644 --- a/config.go +++ b/config.go 
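Review bot: The `HandlerAPILogin` subtest in http_test.go never checks `rr.Code` and has no negative case, so a handler that issued a token for a wrong password would still pass. Add `if rr.Code != http.StatusOK { t.Fatalf("unexpected status: %d", rr.Code) }` before decoding, plus a second request with a wrong password that expects `http.StatusUnauthorized`. The `// TODO: Add test` comment at the top of the subtest is stale now that the test exists.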
@@ -10,10 +10,11 @@ import ( ) type ServerConfig struct { - LogLevel string `toml:"LogLevel"` - URL string `toml:"URL"` - ListenAddr string `toml:"ListenAddr"` - Store *ServerStoreConfig `toml:"Store"` + LogLevel string `toml:"LogLevel"` + URL string `toml:"URL"` + ListenAddr string `toml:"ListenAddr"` + SigningSecret string `toml:"SigningSecret"` + Store *ServerStoreConfig `toml:"Store"` } type ServerStoreConfig struct { @@ -54,6 +55,10 @@ func (sc *ServerConfig) updateFromEnv() { sc.ListenAddr = value } + if value, ok := os.LookupEnv("GPASTE_SIGNINGSECRET"); ok { + sc.SigningSecret = value + } + if value, ok := os.LookupEnv("GPASTE_STORE_TYPE"); ok { sc.Store.Type = value } diff --git a/config_test.go b/config_test.go index 4d18e20..4e9a676 100644 --- a/config_test.go +++ b/config_test.go @@ -16,6 +16,7 @@ func TestServerConfig(t *testing.T) { LogLevel = "INFO" URL = "http://paste.example.org" ListenAddr = ":8080" +SigningSecret = "abc999" [Store] Type = "fs" @@ -23,9 +24,10 @@ Type = "fs" Dir = "/tmp" ` expected := &gpaste.ServerConfig{ - LogLevel: "INFO", - URL: "http://paste.example.org", - ListenAddr: ":8080", + LogLevel: "INFO", + URL: "http://paste.example.org", + ListenAddr: ":8080", + SigningSecret: "abc999", Store: &gpaste.ServerStoreConfig{ Type: "fs", FS: &gpaste.ServerStoreFSStoreConfig{ 
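Review bot: `SigningSecret` is accepted from the TOML file and, in `updateFromEnv`, from `GPASTE_SIGNINGSECRET` without any validation, and the http.go hunk of this patch converts it straight into the HMAC key, so a configuration that omits it appears to yield tokens signed with an empty key. Reject an empty or short value at load time, e.g. `if len(sc.SigningSecret) < 32 { /* return a configuration error */ }`; the loader's body is outside these hunks, so the exact place and return shape need checking. The field will also show up in any `%+v` dump or debug log of `ServerConfig`, which a doc comment on it should point out.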
@@ -48,16 +50,18 @@ Dir = "/tmp" clearEnv() var envMap map[string]string = map[string]string{ - "GPASTE_LOGLEVEL": "DEBUG", - "GPASTE_URL": "http://gpaste.example.org", - "GPASTE_STORE_TYPE": "fs", - "GPASTE_LISTENADDR": ":8000", - "GPASTE_STORE_FS_DIR": "/tmp", + "GPASTE_LOGLEVEL": "DEBUG", + "GPASTE_URL": "http://gpaste.example.org", + "GPASTE_STORE_TYPE": "fs", + "GPASTE_LISTENADDR": ":8000", + "GPASTE_SIGNINGSECRET": "test1345", + "GPASTE_STORE_FS_DIR": "/tmp", } expected := &gpaste.ServerConfig{ - LogLevel: "DEBUG", - URL: "http://gpaste.example.org", - ListenAddr: ":8000", + LogLevel: "DEBUG", + URL: "http://gpaste.example.org", + ListenAddr: ":8000", + SigningSecret: "test1345", Store: &gpaste.ServerStoreConfig{ Type: "fs", FS: &gpaste.ServerStoreFSStoreConfig{ diff --git a/http.go b/http.go index 9acda18..0580a6b 100644 --- a/http.go +++ b/http.go @@ -30,7 +30,7 @@ func NewHTTPServer(cfg *ServerConfig) *HTTPServer { } srv.Files = NewMemoryFileStore() srv.Users = NewMemoryUserStore() - srv.Auth = NewAuthService(srv.Users, []byte("test1235")) + srv.Auth = NewAuthService(srv.Users, []byte(srv.config.SigningSecret)) r := chi.NewRouter() r.Use(middleware.RealIP) diff --git a/http_test.go b/http_test.go index 8ecc89d..b99d4aa 100644 --- a/http_test.go +++ b/http_test.go @@ -15,6 +15,7 @@ import ( func TestHandlers(t *testing.T) { cfg := &gpaste.ServerConfig{ + SigningSecret: "abc123", Store: &gpaste.ServerStoreConfig{ Type: "memory", }, -- 2.45.2 From 88b5b941dfe73b2942f3c64551e34bad22cd182d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Wed, 19 Jan 2022 22:44:00 +0100 Subject: [PATCH 4/4] Add login to client --- cmd/client/client.go | 89 ++++++++++++++++++++++++++++++++++++++++---- go.mod | 1 + go.sum | 2 + http.go | 8 ++++ 4 files changed, 93 insertions(+), 7 deletions(-) diff --git a/cmd/client/client.go b/cmd/client/client.go index ce4c6b8..c805dd1 100644 --- a/cmd/client/client.go +++ b/cmd/client/client.go 
@@ -9,10 +9,13 @@ import ( "mime/multipart" "net/http" "os" + "strings" + "syscall" "time" "github.com/google/uuid" "github.com/urfave/cli/v2" + "golang.org/x/term" ) var ( @@ -32,19 +35,23 @@ func main() { Name: "config", Usage: "Path to config-file.", }, + &cli.StringFlag{ + Name: "url", + Usage: "Base url of gpaste server", + }, }, Commands: []*cli.Command{ { Name: "upload", Usage: "Upload file(s)", ArgsUsage: "FILE [FILE]...", - Flags: []cli.Flag{ - &cli.StringFlag{ - Name: "url", - Usage: "Base url of gpaste server", - }, - }, - Action: ActionUpload, + Action: ActionUpload, + }, + { + Name: "login", + Usage: "Login to gpaste server", + ArgsUsage: "USERNAME", + Action: ActionLogin, }, }, } 
@@ -105,3 +112,71 @@ func ActionUpload(c *cli.Context) error { } return nil } + +func ActionLogin(c *cli.Context) error { + username := c.Args().First() + if username == "" { + return cli.Exit("USERNAME not supplied.", 1) + } + password, err := readPassword() + if err != nil { + return fmt.Errorf("error reading password: %w", err) + } + + url := fmt.Sprintf("%s/api/login", c.String("url")) + client := &http.Client{} + // TODO: Change timeout + ctx, cancel := context.WithTimeout(c.Context, 10*time.Second) + defer cancel() + + body := new(bytes.Buffer) + requestData := struct { + Username string `json:"username"` + Password string `json:"password"` + }{ + Username: username, + Password: password, + } + encoder := json.NewEncoder(body) + if err := encoder.Encode(&requestData); err != nil { + return fmt.Errorf("error encoding response: %w", err) + } + req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, body) + if err != nil { + return fmt.Errorf("error creating request: %w", err) + } + + resp, err := client.Do(req) + if err != nil { + return fmt.Errorf("unable to perform request: %s", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return cli.Exit("got non-ok response from server", 0) + } + + responseData := struct { + Token string `json:"token"` + }{} + + decoder := json.NewDecoder(resp.Body) + if err := decoder.Decode(&responseData); err != nil { + return fmt.Errorf("unable to parse response: %s", err) + } + + fmt.Printf("Token: %s", responseData.Token) + + return nil +} + +func readPassword() (string, error) { + fmt.Print("Enter Password: ") + bytePassword, err := term.ReadPassword(int(syscall.Stdin)) + if err != nil { + return "", err + } + + password := string(bytePassword) + return strings.TrimSpace(password), nil +} diff --git a/go.mod b/go.mod index cad0232..49e2f3c 100644 --- a/go.mod +++ b/go.mod 
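Review bot: `readPassword` runs the typed password through `strings.TrimSpace`, so a password that legitimately begins or ends with whitespace is altered before it is sent and can never match; return `string(bytePassword), nil` instead. In `ActionLogin`, `cli.Exit("got non-ok response from server", 0)` reports a failed login with exit status 0, so use a non-zero code to let scripts detect it. The password is posted to whatever `--url` holds, including a plain `http://` address or an empty value; checking the scheme, or at least warning when it is not HTTPS, is worth considering. The message `error encoding response` should say `request`, and the two `%s` error wraps should use `%w` like the others.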
@@ -14,6 +14,7 @@ require ( go.etcd.io/bbolt v1.3.6 go.uber.org/zap v1.20.0 golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 ) require ( diff --git a/go.sum b/go.sum index 8d8abd7..bb70fbd 100644 --- a/go.sum +++ b/go.sum @@ -71,6 +71,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/http.go b/http.go index 0580a6b..e4dc9ad 100644 --- a/http.go +++ b/http.go @@ -32,6 +32,12 @@ func NewHTTPServer(cfg *ServerConfig) *HTTPServer { srv.Users = NewMemoryUserStore() srv.Auth = NewAuthService(srv.Users, []byte(srv.config.SigningSecret)) + // Create initial user + // TODO: Do properly + user := &User{Username: "admin"} + user.SetPassword("admin") + srv.Users.Store(user) + r := chi.NewRouter() r.Use(middleware.RealIP) r.Use(middleware.RequestID) 
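Review bot: The http.go hunk makes `NewHTTPServer` create an `admin` user with the password `admin` on every start, so any reachable instance has a known credential that `/api/login` turns into a seven-day token. Take the bootstrap credential from configuration or generate a random one on first start, and skip the step when the account already exists. The errors from `user.SetPassword` and `srv.Users.Store` are discarded; `NewHTTPServer` has no error return, so at minimum log them, e.g. `if err := user.SetPassword(pw); err != nil { srv.Logger.Errorw("Error creating initial user.", "error", err) }`. The body of `NewHTTPServer` starts and ends outside the hunk.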
@@ -174,6 +180,8 @@ func (s *HTTPServer) HandlerAPILogin(w http.ResponseWriter, r *http.Request) { Token: token, } + s.Logger.Infow("User logged in.", "req_id", reqID, "username", expectedRequest.Username) + encoder := json.NewEncoder(w) if err := encoder.Encode(&response); err != nil { s.Logger.Infow("Error encoding json response to client.", "req_id", reqID, "error", err, "remote_addr", r.RemoteAddr) -- 2.45.2