🛂 Used config credentials for BasicAuth middleware
parent
9ef9e16625
commit
7680845f74
|
@ -1,23 +1,32 @@
|
||||||
---
|
---
|
||||||
name: IndieAuth
|
name: "IndieAuth"
|
||||||
runMode: "dev"
|
runMode: "dev"
|
||||||
server:
|
server:
|
||||||
protocol: http
|
|
||||||
domain: localhost
|
|
||||||
rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
|
|
||||||
staticUrlPrefix: "/static"
|
|
||||||
host: "0.0.0.0"
|
|
||||||
port: 3000
|
|
||||||
certFile: "https/cert.pem"
|
certFile: "https/cert.pem"
|
||||||
keyFile: "https/key.pem"
|
domain: "localhost"
|
||||||
staticRootPath: "/"
|
|
||||||
enablePprof: false
|
enablePprof: false
|
||||||
|
host: "0.0.0.0"
|
||||||
|
keyFile: "https/key.pem"
|
||||||
|
port: 3000
|
||||||
|
protocol: "http"
|
||||||
|
rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
|
||||||
|
staticRootPath: "assets/"
|
||||||
|
staticUrlPrefix: "/static"
|
||||||
database:
|
database:
|
||||||
type: bolt
|
type: "memory"
|
||||||
path: data/indieauth.db
|
# path: "data/development.db"
|
||||||
indieauth:
|
code:
|
||||||
|
expiry: "10m"
|
||||||
|
length: 32
|
||||||
|
jwt:
|
||||||
|
algorithm: "RS256"
|
||||||
|
expiry: "1h"
|
||||||
|
nonceLength: 24
|
||||||
|
secret: "hackme"
|
||||||
|
indieAuth:
|
||||||
enabled: true
|
enabled: true
|
||||||
accessTokenExpirationTime: 3600
|
username: user
|
||||||
jwtSigningAlgorithm: "RS256"
|
password: hackme
|
||||||
jwtSecret: ""
|
ticketAuth:
|
||||||
jwtSigningPrivateKeyFile: "jwt/private.pem"
|
expiry: "1m"
|
||||||
|
length: 24
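Review bot: The new side commits working-looking credentials (`username: user`, `password: hackme`, and `secret: "hackme"` after `jwt:`) in the same file that binds `host: "0.0.0.0"`. A deployment that keeps this file as-is therefore listens on all interfaces with a guessable BasicAuth login and signing secret. I would leave these values empty in the committed file and mark them, e.g. `password: "" # required: set per deployment, never commit a real value`, so a forgotten override is visible rather than silently usable. The page has lost the YAML indentation, so the nesting of `secret` under `jwt:` and of `username`/`password` under `indieAuth:` is inferred from order.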
|
||||||
|
|
|
@ -140,14 +140,19 @@ func (h *RequestHandler) Register(r *router.Router) {
|
||||||
Skipper: func(ctx *http.RequestCtx) bool {
|
Skipper: func(ctx *http.RequestCtx) bool {
|
||||||
matched, _ := path.Match("/api/*", string(ctx.Path()))
|
matched, _ := path.Match("/api/*", string(ctx.Path()))
|
||||||
provider := string(ctx.QueryArgs().Peek("provider"))
|
provider := string(ctx.QueryArgs().Peek("provider"))
|
||||||
|
providerMatched := provider != "" && provider != domain.ProviderDirect.UID
|
||||||
|
|
||||||
return !ctx.IsPost() || !matched ||
|
return !ctx.IsPost() || !matched || providerMatched
|
||||||
(provider != "" && provider != domain.ProviderDirect.UID)
|
|
||||||
},
|
},
|
||||||
Validator: func(ctx *http.RequestCtx, login, password string) (bool, error) {
|
Validator: func(ctx *http.RequestCtx, login, password string) (bool, error) {
|
||||||
// TODO(toby3d): change this
|
userMatch := subtle.ConstantTimeCompare(
|
||||||
return subtle.ConstantTimeCompare([]byte(login), []byte("admin")) == 1 &&
|
[]byte(login), []byte(h.config.IndieAuth.Username),
|
||||||
subtle.ConstantTimeCompare([]byte(password), []byte("hackme")) == 1, nil
|
)
|
||||||
|
passMatch := subtle.ConstantTimeCompare(
|
||||||
|
[]byte(password), []byte(h.config.IndieAuth.Password),
|
||||||
|
)
|
||||||
|
|
||||||
|
return userMatch == 1 && passMatch == 1, nil
|
||||||
},
|
},
|
||||||
}),
|
}),
|
||||||
middleware.LogFmt(),
|
middleware.LogFmt(),
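Review bot: The new Validator accepts an empty login and password whenever `h.config.IndieAuth.Username` and `h.config.IndieAuth.Password` are unset, because `subtle.ConstantTimeCompare` returns 1 for two empty slices (assuming the middleware passes empty credentials through to the Validator). A guard at the top of the Validator, `if h.config.IndieAuth.Username == "" || h.config.IndieAuth.Password == "" { return false, nil }`, makes a missing or partial config fail closed. `ConstantTimeCompare` also returns immediately when the two lengths differ, so the length of the configured values stays observable through timing; comparing fixed-size digests of both sides would remove that. Register's body starts and ends outside this hunk.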
|
||||||
|
|
|
@ -55,7 +55,9 @@ type (
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigIndieAuth struct {
|
ConfigIndieAuth struct {
|
||||||
Enabled bool `yaml:"enabled"` // true
|
Enabled bool `yaml:"enabled"` // true
|
||||||
|
Username string `yaml:"username"`
|
||||||
|
Password string `yaml:"password"`
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigTicketAuth struct {
|
ConfigTicketAuth struct {
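Review bot: The new `Username` and `Password` fields carry no comment, while `Enabled` beside them documents its default with `// true`. I would add `// BasicAuth login checked by the HTTP handler; must not be empty` and `// BasicAuth password, plain text; keep out of logs and config dumps`. Because `Password` is a plain `string` with a yaml tag, anything that prints or marshals the whole Config will presumably include it, which is worth confirming against callers not shown here. The `type (` group continues outside this hunk.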
|
||||||
|
@ -109,7 +111,9 @@ func TestConfig(tb testing.TB) *Config {
|
||||||
Algorithm: "HS256",
|
Algorithm: "HS256",
|
||||||
},
|
},
|
||||||
IndieAuth: ConfigIndieAuth{
|
IndieAuth: ConfigIndieAuth{
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
|
Username: "user",
|
||||||
|
Password: "password",
|
||||||
},
|
},
|
||||||
TicketAuth: ConfigTicketAuth{
|
TicketAuth: ConfigTicketAuth{
|
||||||
Expiry: time.Minute,
|
Expiry: time.Minute,
|
||||||
|
|