🛂 Used config credentials for BasicAuth middleware
parent
9ef9e16625
commit
7680845f74
|
@ -1,23 +1,32 @@
|
|||
---
|
||||
name: IndieAuth
|
||||
name: "IndieAuth"
|
||||
runMode: "dev"
|
||||
server:
|
||||
protocol: http
|
||||
domain: localhost
|
||||
rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
|
||||
staticUrlPrefix: "/static"
|
||||
host: "0.0.0.0"
|
||||
port: 3000
|
||||
certFile: "https/cert.pem"
|
||||
keyFile: "https/key.pem"
|
||||
staticRootPath: "/"
|
||||
domain: "localhost"
|
||||
enablePprof: false
|
||||
host: "0.0.0.0"
|
||||
keyFile: "https/key.pem"
|
||||
port: 3000
|
||||
protocol: "http"
|
||||
rootUrl: "{{protocol}}://{{domain}}:{{port}}/"
|
||||
staticRootPath: "assets/"
|
||||
staticUrlPrefix: "/static"
|
||||
database:
|
||||
type: bolt
|
||||
path: data/indieauth.db
|
||||
indieauth:
|
||||
type: "memory"
|
||||
# path: "data/development.db"
|
||||
code:
|
||||
expiry: "10m"
|
||||
length: 32
|
||||
jwt:
|
||||
algorithm: "RS256"
|
||||
expiry: "1h"
|
||||
nonceLength: 24
|
||||
secret: "hackme"
|
||||
indieAuth:
|
||||
enabled: true
|
||||
accessTokenExpirationTime: 3600
|
||||
jwtSigningAlgorithm: "RS256"
|
||||
jwtSecret: ""
|
||||
jwtSigningPrivateKeyFile: "jwt/private.pem"
|
||||
username: user
|
||||
password: hackme
|
||||
ticketAuth:
|
||||
expiry: "1m"
|
||||
length: 24
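Review bot: The sample configuration carries guessable secrets: `password: hackme` under `indieAuth` and `secret: "hackme"` under `jwt`, next to `host: "0.0.0.0"`, so a deployment started from this file unchanged would listen on every interface with publicly known BasicAuth credentials. The old/new markers are lost in this rendering, so this assumes those lines are on the new side, which is consistent with the commit title. Ship the sample with empty values and a comment such as `# required: set a unique value before first run`, and have configuration loading fail when either value is empty or still equal to the sample value.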
|
||||
|
|
|
@ -140,14 +140,19 @@ func (h *RequestHandler) Register(r *router.Router) {
|
|||
Skipper: func(ctx *http.RequestCtx) bool {
|
||||
matched, _ := path.Match("/api/*", string(ctx.Path()))
|
||||
provider := string(ctx.QueryArgs().Peek("provider"))
|
||||
providerMatched := provider != "" && provider != domain.ProviderDirect.UID
|
||||
|
||||
return !ctx.IsPost() || !matched ||
|
||||
(provider != "" && provider != domain.ProviderDirect.UID)
|
||||
return !ctx.IsPost() || !matched || providerMatched
|
||||
},
|
||||
Validator: func(ctx *http.RequestCtx, login, password string) (bool, error) {
|
||||
// TODO(toby3d): change this
|
||||
return subtle.ConstantTimeCompare([]byte(login), []byte("admin")) == 1 &&
|
||||
subtle.ConstantTimeCompare([]byte(password), []byte("hackme")) == 1, nil
|
||||
userMatch := subtle.ConstantTimeCompare(
|
||||
[]byte(login), []byte(h.config.IndieAuth.Username),
|
||||
)
|
||||
passMatch := subtle.ConstantTimeCompare(
|
||||
[]byte(password), []byte(h.config.IndieAuth.Password),
|
||||
)
|
||||
|
||||
return userMatch == 1 && passMatch == 1, nil
|
||||
},
|
||||
}),
|
||||
middleware.LogFmt(),
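Review bot: The Validator returns true for an empty login and empty password whenever `h.config.IndieAuth.Username` and `h.config.IndieAuth.Password` are unset, because `subtle.ConstantTimeCompare` returns 1 for two zero-length slices; whether the middleware ever passes empty credentials through is not visible here. Guard before comparing: `if h.config.IndieAuth.Username == "" || h.config.IndieAuth.Password == "" { return false, nil }`. `ConstantTimeCompare` also returns immediately when the lengths differ, so the length of the configured values is observable through timing; comparing fixed-size digests of both sides (for example `sha256.Sum256`) removes that. `Register` starts and ends outside the hunk, so any validation of the config done elsewhere cannot be seen from these lines.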
|
||||
|
|
|
@ -55,7 +55,9 @@ type (
|
|||
}
|
||||
|
||||
ConfigIndieAuth struct {
|
||||
Enabled bool `yaml:"enabled"` // true
|
||||
Enabled bool `yaml:"enabled"` // true
|
||||
Username string `yaml:"username"`
|
||||
Password string `yaml:"password"`
|
||||
}
|
||||
|
||||
ConfigTicketAuth struct {
|
||||
|
@ -109,7 +111,9 @@ func TestConfig(tb testing.TB) *Config {
|
|||
Algorithm: "HS256",
|
||||
},
|
||||
IndieAuth: ConfigIndieAuth{
|
||||
Enabled: true,
|
||||
Enabled: true,
|
||||
Username: "user",
|
||||
Password: "password",
|
||||
},
|
||||
TicketAuth: ConfigTicketAuth{
|
||||
Expiry: time.Minute,
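Review bot: The new `Username` and `Password` fields of `ConfigIndieAuth` (first hunk of this section) carry no comment, while `Enabled` documents its default with `// true`; since `Password` holds the BasicAuth secret in plain text, say so on the field, e.g. `// BasicAuth password, plain text; must be non-empty`. Because it is an ordinary string field, any `%+v` dump or serialisation of the config will include it, so code that logs the config should redact it. The surrounding `type (` block and `TestConfig` both continue outside the visible lines.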
|
||||
|
|