From 7680845f74f35f87ac3f19933f392d3315b5d40e Mon Sep 17 00:00:00 2001 From: Maxim Lebedev Date: Mon, 31 Jan 2022 21:17:19 +0500 Subject: [PATCH] :passport_control: Used config credentials for BasicAuth middleware
---
 configs/example.yml | 41 +++++++++++++++---------
 internal/auth/delivery/http/auth_http.go | 15 ++++++---
 internal/domain/config.go | 8 +++--
 3 files changed, 41 insertions(+), 23 deletions(-)
diff --git a/configs/example.yml b/configs/example.yml
index 8af56ff..b5a870d 100644
--- a/configs/example.yml
+++ b/configs/example.yml
@@ -1,23 +1,32 @@
 ---
-name: IndieAuth
+name: "IndieAuth"
 runMode: "dev"
 server:
- protocol: http
- domain: localhost
- rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
- staticUrlPrefix: "/static"
- host: "0.0.0.0"
- port: 3000
 certFile: "https/cert.pem"
- keyFile: "https/key.pem"
- staticRootPath: "/"
+ domain: "localhost"
 enablePprof: false
+ host: "0.0.0.0"
+ keyFile: "https/key.pem"
+ port: 3000
+ protocol: "http"
+ rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
+ staticRootPath: "assets/"
+ staticUrlPrefix: "/static"
 database:
- type: bolt
- path: data/indieauth.db
-indieauth:
+ type: "memory"
+ # path: "data/development.db"
+code:
+ expiry: "10m"
+ length: 32
+jwt:
+ algorithm: "RS256"
+ expiry: "1h"
+ nonceLength: 24
+ secret: "hackme"
+indieAuth:
 enabled: true
- accessTokenExpirationTime: 3600
- jwtSigningAlgorithm: "RS256"
- jwtSecret: ""
- jwtSigningPrivateKeyFile: "jwt/private.pem"
+ username: user
+ password: hackme
+ticketAuth:
+ expiry: "1m"
+ length: 24
diff --git a/internal/auth/delivery/http/auth_http.go b/internal/auth/delivery/http/auth_http.go
index 6e175c1..432a044 100644
--- a/internal/auth/delivery/http/auth_http.go
+++ b/internal/auth/delivery/http/auth_http.go
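Review bot: The new `username: user` and `password: hackme` lines are the only unquoted string scalars left in the rewritten example, where every other string is now quoted, and `password: hackme` next to `secret: "hackme"` ships a well-known placeholder that tends to survive from an example file into a deployment. Quote them like the rest of the file and mark the placeholder, e.g. `password: "hackme" # local-dev placeholder; replace before exposing the server`. The top-level key also changes from `indieauth` to `indieAuth`; the `Config` struct tag for that key is not in the hunk, so confirm the loader reads the new spelling rather than silently leaving the section empty.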
@@ -140,14 +140,19 @@ func (h *RequestHandler) Register(r *router.Router) {
 Skipper: func(ctx *http.RequestCtx) bool {
 matched, _ := path.Match("/api/*", string(ctx.Path()))
 provider := string(ctx.QueryArgs().Peek("provider"))
+ providerMatched := provider != "" && provider != domain.ProviderDirect.UID
- return !ctx.IsPost() || !matched ||
- (provider != "" && provider != domain.ProviderDirect.UID)
+ return !ctx.IsPost() || !matched || providerMatched
 },
 Validator: func(ctx *http.RequestCtx, login, password string) (bool, error) {
- // TODO(toby3d): change this
- return subtle.ConstantTimeCompare([]byte(login), []byte("admin")) == 1 &&
- subtle.ConstantTimeCompare([]byte(password), []byte("hackme")) == 1, nil
+ userMatch := subtle.ConstantTimeCompare(
+ []byte(login), []byte(h.config.IndieAuth.Username),
+ )
+ passMatch := subtle.ConstantTimeCompare(
+ []byte(password), []byte(h.config.IndieAuth.Password),
+ )
+
+ return userMatch == 1 && passMatch == 1, nil
 },
 }),
 middleware.LogFmt(),
diff --git a/internal/domain/config.go b/internal/domain/config.go
index 94e6750..13f8017 100644
--- a/internal/domain/config.go
+++ b/internal/domain/config.go
@@ -55,7 +55,9 @@ type (
 }
 ConfigIndieAuth struct {
- Enabled bool `yaml:"enabled"` // true
+ Enabled bool `yaml:"enabled"` // true
+ Username string `yaml:"username"`
+ Password string `yaml:"password"`
 }
 ConfigTicketAuth struct {
@@ -109,7 +111,9 @@ func TestConfig(tb testing.TB) *Config {
 Algorithm: "HS256",
 },
 IndieAuth: ConfigIndieAuth{
- Enabled: true,
+ Enabled: true,
+ Username: "user",
+ Password: "password",
 },
 TicketAuth: ConfigTicketAuth{
 Expiry: time.Minute,
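Review bot: The new Validator accepts an empty login and password whenever `h.config.IndieAuth.Username` or `Password` is left unset, because `subtle.ConstantTimeCompare` returns 1 for two empty slices; the example YAML and TestConfig populate the fields, but nothing in the handler does, so a deployment that omits the new keys gets a Basic Auth gate that passes blank credentials. Reject that case before comparing, `if h.config.IndieAuth.Username == "" || h.config.IndieAuth.Password == "" { return false, nil }`, or refuse to start when the configured credentials are empty. ConstantTimeCompare also returns 0 immediately when the lengths differ, so the check reveals the configured credential length; comparing fixed-size SHA-256 digests of both sides removes that. Register begins and ends outside the hunk.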
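Review bot: `Username` and `Password` are added to ConfigIndieAuth without a doc comment, while the neighbouring `Enabled` at least records its default, so a reader of the config type cannot tell what these credentials gate. Add `// Username and Password are the HTTP Basic Auth credentials the auth delivery handler compares incoming requests against; Password is held in plain text, so treat the loaded config as secret.` above the two fields. The enclosing `type (` block starts outside the hunk.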