phga/bs1in
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Working DB connections and login

Browse Source
This commit is contained in:
phga 2021-10-13 21:32:56 +02:00
parent 91841ab3d3
commit e32df47ca2
12 changed files with 528 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,4 +1,5 @@
web/static/fonts/* web/static/fonts/*
web/data/ web/data/
configs/* configs/*
cmd/bs1in/bs1in cmd/bs1in/bs1in
/build/.env

28
build/docker-compose.yml
View File

@ -9,15 +9,15 @@ services:
ports: ports:
- 8099:6969 - 8099:6969
volumes: volumes:
- /srv/bs1in/configs:CONFIGFOLDER - /srv/bs1in/configs:/go/src/g.phga.de/phga/bs1in/configs
- /srv/bs1in/web/data:DATAFOLDER - /srv/bs1in/web/data:/go/src/g.phga.de/phga/bs1in/web/data
- /srv/bs1in/web/static/fonts:FONTSFOLDER - /srv/bs1in/web/static/fonts:/go/src/g.phga.de/phga/bs1in/web/static/fonts
mongo: mongo:
image: mongo image: mongo
restart: 'no' restart: 'no'
env_file: env_file:
- /srv/gott/.env - /srv/bs1in/.env
ports: ports:
- 27017:27017 - 27017:27017
volumes: volumes:
@ -29,4 +29,22 @@ services:
ports: ports:
- 9099:8081 - 9099:8081
env_file: env_file:
- /srv/bs1in/.env - /srv/bs1in/.env
mariadb:
image: mariadb
container_name: mariadb
restart: 'no'
env_file:
- /srv/bs1in/.env
ports:
- '3306:3306'
volumes:
- /srv/mariadb/init:/docker-entrypoint-initdb.d
adminer:
image: adminer:4.8.0
container_name: adminer
restart: 'no'
ports:
- '8013:8080'

199
cmd/bs1in/auth.go Normal file
View File

@ -0,0 +1,199 @@
package main
import (
"context"
cryptorand "crypto/rand"
"encoding/json"
"io"
"log"
"net/http"
"time"
"go.mongodb.org/mongo-driver/bson"
"golang.org/x/crypto/bcrypt"
)
type Session struct {
ID [32]byte `json:"id" bson:"id"`
AuthToken [32]byte `json:"auth_token" bson:"auth_token"`
Timestamp int64 `json:"timestamp" bson:"timestamp"`
}
// ------------------------------- MIDDLEWARE ----------------------------------
type ctxKey int
const currUserKey ctxKey = 0
// validateSession verifies that the client has a session that is still valid
func validateSession(h http.HandlerFunc, role string) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Allow to access required files pre login
if r.URL.Path == "/static/css/tt.css" ||
r.URL.Path == "/static/js/helper.js" ||
r.URL.Path == "/static/fonts/OpenSans-Regular.ttf" {
h(w, r)
return
}
cookie, err := r.Cookie("SESSION")
if err == http.ErrNoCookie {
// Redirect to /login
w.Header().Set("Location", "/login?r="+r.URL.Path)
w.WriteHeader(http.StatusFound)
log.Println(err)
return
} else if err != nil {
log.Fatal(err)
return
}
// TESTING: Show cookie content
// log.Printf("%+v", *cookie)
requestedUser := checkSession([]byte(cookie.Value))
if requestedUser == nil {
unsetCookie(w)
w.Header().Set("Location", "/login")
w.WriteHeader(http.StatusFound)
return
}
// Set new timestamp
requestedUser.CurrSession.Timestamp = time.Now().UTC().UnixNano()
// Save to database
updateSession(requestedUser)
setEncryptedCookie(w, requestedUser)
ctx := context.WithValue(r.Context(), currUserKey, *requestedUser)
requestWithUser := r.WithContext(ctx)
// ORIGINAL HANDLER
switch role {
case "":
h(w, requestWithUser)
case "admin":
if isAdmin(requestedUser) {
h(w, requestWithUser)
} else {
w.Header().Set("Location", "/")
w.WriteHeader(http.StatusFound)
}
}
})
}
func isAdmin(u *User) bool {
if u.Role == "admin" {
log.Println("IS ADMIN")
return true
} else {
log.Println("IS NOT ADMIN")
return false
}
}
func encryptSession(s Session) (es []byte) {
js, err := json.Marshal(s)
if err != nil {
log.Fatal(err)
}
es, err = encrypt(js, encKey)
if err != nil {
log.Fatal(err)
}
return
}
func setEncryptedCookie(w http.ResponseWriter, u *User) {
cValue := encryptSession(u.CurrSession)
cookie := &http.Cookie{
Name: "SESSION",
Value: string(cValue),
MaxAge: int(6 * time.Hour / time.Second),
Path: "/",
HttpOnly: false,
}
http.SetCookie(w, cookie)
}
func unsetCookie(w http.ResponseWriter) {
cookie := &http.Cookie{
Name: "SESSION",
MaxAge: -69,
Path: "/",
}
http.SetCookie(w, cookie)
}
// checkCredentials compares the pw provided by the user to the hashed version
// in the database and returns true for success and false otherwise
func checkCredentials(u *User, pw string) bool {
hashedPw := u.Pass
err := bcrypt.CompareHashAndPassword([]byte(hashedPw), []byte(pw))
if err != nil {
log.Print(err)
return false
}
return true
}
// checkSession compares the encrypted session string with the current Session
// set for the user and returns true if they match
func checkSession(receivedSession []byte) *User {
// Test
dec, err := decrypt(receivedSession, encKey)
if err != nil {
log.Println("Encryption key changed, deleting remaining cookies!")
return nil
}
// log.Println(string(dec))
decryptedSession := Session{}
err = json.Unmarshal(dec, &decryptedSession)
if err != nil {
log.Fatal(err)
}
// There is no current user but a (mayb) valid session -> get user with session from db
requestedUser, err := getUserBySession(&decryptedSession)
if err != nil {
log.Println("No user with that session found in db:", err)
return nil
}
// 6 hours ago
maxSessionAge := time.Now().UTC().UnixNano() - int64(6*time.Hour)
// Check if session is still valid (Other values must match anyways)
if requestedUser.CurrSession.Timestamp >= maxSessionAge {
return requestedUser
} else {
log.Println("User logged out because Session is no longer valid")
return nil
}
}
func updateSession(u *User) {
filter := bson.D{{"uid", u.UID}}
update := bson.D{{"$set", bson.D{{"curr_session", u.CurrSession}}}}
res, err := colUsers.UpdateOne(mongoCtx, filter, update)
if err != nil {
log.Fatal(err, res)
}
}
func createSession() (s Session) {
var sID, aToken [32]byte
_, err := io.ReadFull(cryptorand.Reader, sID[:])
if err != nil {
log.Fatal(err)
}
_, err = io.ReadFull(cryptorand.Reader, aToken[:])
if err != nil {
log.Fatal(err)
}
// MAYB: Also hash the random number? Any advantages?
// sID := sha256.Sum256(nonce)
// aToken := sha256.Sum256(nonce)
return Session{ID: sID, AuthToken: aToken, Timestamp: time.Now().UTC().UnixNano()}
}

92
cmd/bs1in/bs1in.go
View File

@ -12,12 +12,14 @@ import (
) )
func main() { func main() {
// cheap routing http.HandleFunc("/login", handleLogin)
http.HandleFunc("/", handleIndex) http.HandleFunc("/register", handleRegister)
http.HandleFunc("/db_user", handleDbUser) http.HandleFunc("/logout", validateSession(handleLogout, ""))
http.HandleFunc("/", validateSession(handleIndex, ""))
http.HandleFunc("/admin_panel", validateSession(handleAdminPanel, "admin"))
// provide the inc directory to the useragent // provide the inc directory to the useragent
http.HandleFunc("/static/", handleStatic) http.HandleFunc("/static/", validateSession(handleStatic, ""))
// listen on port 8080 (I use nginx to proxy this local server) // listen on port 8080 (I use nginx to proxy this local server)
log.Fatalln(http.ListenAndServe(":"+config.WebPort, nil)) log.Fatalln(http.ListenAndServe(":"+config.WebPort, nil))
} }
@ -38,13 +40,85 @@ func handleStatic(w http.ResponseWriter, r *http.Request) {
func handleIndex(w http.ResponseWriter, r *http.Request) { func handleIndex(w http.ResponseWriter, r *http.Request) {
// Parses all required html files to provide the actual html that is shipped. // Parses all required html files to provide the actual html that is shipped.
t, _ := getTemplate("layouts/base.html", "main.html", "header.html") t, _ := getTemplate("layouts/base.html", "main.html", "header.html")
t.Execute(w, t) currUser := r.Context().Value(currUserKey).(User)
td := TmplData{currUser, nil}
t.Execute(w, td)
} }
func handleDbUser(w http.ResponseWriter, r *http.Request) { func handleAdminPanel(w http.ResponseWriter, r *http.Request) {
// Parses all required html files to provide the actual html that is shipped. if r.Method == http.MethodGet {
t, _ := getTemplate("layouts/base.html", "db_user.html", "header.html") t, _ := getTemplate("layouts/base.html", "admin_panel.html", "header.html")
t.Execute(w, t) currUser := r.Context().Value(currUserKey).(User)
td := TmplData{currUser, nil}
t.Execute(w, td)
}
}
func handleRegister(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
t, _ := getTemplate("layouts/base.html", "register.html")
err := t.Execute(w, nil)
if err != nil {
log.Println(err)
}
}
}
func handleLogin(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
t, _ := getTemplate("layouts/base.html", "login.html")
lastURL := r.URL.Query().Get("r")
if len(lastURL) == 0 {
lastURL = "/"
}
td := TmplData{nil, struct{ RedirectTo string }{lastURL}}
err := t.Execute(w, td)
if err != nil {
log.Println(err)
}
} else if r.Method == http.MethodPost {
if err := r.ParseForm(); err != nil {
log.Fatal(err)
}
uid := r.PostForm.Get("username")
pw := r.PostForm.Get("password")
// TESTING: Logging of entered credentials
log.Println("UID: ", uid, " PW: ", pw)
var requestedUser *User
var err error
requestedUser, err = getUserByUID(uid)
if err != nil {
log.Println("No user with this id exists: ", uid)
w.WriteHeader(http.StatusForbidden)
return
}
success := checkCredentials(requestedUser, pw)
if success {
// IT IS IMPORTANT TO SET THE COOKIE BEFORE ANY OTHER OUTPUT TO W OCCURS
requestedUser.CurrSession = createSession()
updateSession(requestedUser)
setEncryptedCookie(w, requestedUser)
w.WriteHeader(http.StatusOK)
return
} else {
log.Println("Failed login attempt for user: ", uid)
w.WriteHeader(http.StatusForbidden)
return
}
}
}
func handleLogout(w http.ResponseWriter, r *http.Request) {
unsetCookie(w)
w.Header().Set("Location", "/")
w.WriteHeader(http.StatusFound)
} }
// ------------------------- TEMPLATE HELPERS ---------------------------------- // ------------------------- TEMPLATE HELPERS ----------------------------------

15
cmd/bs1in/config.go
View File

@ -8,10 +8,17 @@ import (
type Config struct { type Config struct {
WebPort string `json:"web_port"` WebPort string `json:"web_port"`
DbUser string `json:"db_user"` WebDomain string `json:"web_domain"`
DbPass string `json:"db_pass"` WebAdmin string `json:"web_admin"`
DbHost string `json:"db_host"` WebAdminPass string `json:"web_admin_pass"`
DbPort string `json:"db_port"` MongoDbUser string `json:"mongodb_user"`
MongoDbPass string `json:"mongodb_pass"`
MongoDbHost string `json:"mongodb_host"`
MongoDbPort string `json:"mongodb_port"`
MariaDbUser string `json:"mariadb_user"`
MariaDbPass string `json:"mariadb_pass"`
MariaDbHost string `json:"mariadb_host"`
MariaDbPort string `json:"mariadb_port"`
MailUser string `json:"mail_user"` MailUser string `json:"mail_user"`
MailPass string `json:"mail_pass"` MailPass string `json:"mail_pass"`
MailSmtpServer string `json:"mail_smtp_server"` MailSmtpServer string `json:"mail_smtp_server"`

43
cmd/bs1in/database.go
View File

@ -7,18 +7,28 @@ import (
"go.mongodb.org/mongo-driver/mongo" "go.mongodb.org/mongo-driver/mongo"
"go.mongodb.org/mongo-driver/mongo/options" "go.mongodb.org/mongo-driver/mongo/options"
"database/sql"
"github.com/go-sql-driver/mysql"
_ "github.com/go-sql-driver/mysql"
) )
var client mongo.Client var client mongo.Client
var colDbUsers *mongo.Collection var colUsers *mongo.Collection
var mongoCtx context.Context var mongoCtx context.Context
func init() { func init() {
openMongoDBConnection()
openMariaDBConnection()
}
func openMongoDBConnection() {
// Mongo DB setup // Mongo DB setup
clientOptions := options.Client().ApplyURI("mongodb://" + config.DbUser + ":" + config.DbPass + "@" + config.DbHost + ":" + config.DbPort) clientOptions := options.Client().ApplyURI("mongodb://" + config.MongoDbUser + ":" + config.MongoDbPass + "@" + config.MongoDbHost + ":" + config.MongoDbPort)
client, err := mongo.NewClient(clientOptions) client, err := mongo.NewClient(clientOptions)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal("DB Error: ", err)
} }
// Cancel if Timeout // Cancel if Timeout
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
@ -27,8 +37,31 @@ func init() {
// Connect to DB // Connect to DB
err = client.Connect(ctx) err = client.Connect(ctx)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal("DB Error: ", err)
} }
colDbUsers = client.Database("bs1in").Collection("db_users") colUsers = client.Database("bs1in").Collection("users")
}
func openMariaDBConnection() {
dbConf := mysql.Config{
User: config.MariaDbUser,
Passwd: config.MariaDbPass,
Net: "tcp",
Addr: config.MariaDbHost + ":" + config.MariaDbPort,
AllowNativePasswords: true, // Without this it did not work...
}
mariadb, err := sql.Open("mysql", dbConf.FormatDSN())
if err != nil {
log.Fatal("MariaDB Connection Error: ", err)
}
err = mariadb.Ping()
if err != nil {
log.Fatal("MariaDB not reachable (Ping Error): ", err)
}
var version string
mariadb.QueryRow("SELECT VERSION()").Scan(&version)
log.Println("Connected to:", version)
} }

8
cmd/bs1in/mail_test.go
View File

@ -5,8 +5,8 @@ import (
) )
func TestSendMail(t *testing.T) { func TestSendMail(t *testing.T) {
err := sendMail("mrc1rz+8ca4wocgn0mz8@sharklasers.com", "Test Test 123", "Hello, this is just a test") // err := sendMail("pmvfck+22j3zqaeild4k@sharklasers.com", "Test Test 123", "Hello, this is just a test")
if err != nil { // if err != nil {
t.Error(err) // t.Error("Mail Error: ", err)
} // }
} }

116
cmd/bs1in/user.go Normal file
View File

@ -0,0 +1,116 @@
package main
import (
"log"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
"golang.org/x/crypto/bcrypt"
)
// User of the experiment
type User struct {
ID primitive.ObjectID `bson:"_id"`
UID string `bson:"uid"`
Mail string `bson: mail`
Pass string `bson:"pass"`
CurrSession Session `bson:"curr_session"`
Role string `bson:"role"`
}
func init() {
createUser(config.WebAdmin, "", config.WebAdminPass, "admin")
}
// createUser creates a new participant and writes it to the database.
func createUser(uid string, email string, pass string, role string) *User {
_, err := getUserByUID(uid)
if err != mongo.ErrNoDocuments {
log.Println("User with that UID already exists")
return nil
}
if len(email) > 0 {
_, err = getUserByEmail(email)
if err != mongo.ErrNoDocuments {
log.Println("User with that email already exists")
return nil
}
}
// salt+hash password to store in DB
hashedPw, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
if err != nil {
log.Fatal("Error while creating a new User: ", err)
}
u := &User{
ID: primitive.NewObjectID(),
UID: uid,
Mail: email,
Pass: string(hashedPw),
Role: role,
}
_, err = colUsers.InsertOne(mongoCtx, u)
if err != nil {
log.Fatal("Error while saving new user to DB: ", err)
}
return u
}
// generateUserID generates a unique ID for each participant
func generateUserID() (uid string) {
for {
uid = generateRandomString(5, "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")
// Check if ID is already in use
err := colUsers.FindOne(mongoCtx, bson.M{"uid": uid}).Decode(bson.M{})
// If not in use stop loop
if err == mongo.ErrNoDocuments {
break
} else {
// Log other errors
log.Fatal(err)
}
}
return
}
// getUserByUID returns a user with the same UID as uid from the DB
func getUserByUID(uid string) (p *User, err error) {
p = &User{}
err = colUsers.FindOne(mongoCtx, bson.M{"uid": uid}).Decode(p)
if err == mongo.ErrNoDocuments {
return nil, err
} else if err != nil {
log.Fatal(err)
}
return p, nil
}
// getUserByEmail returns a user with the same email as email from the DB
func getUserByEmail(email string) (p *User, err error) {
p = &User{}
err = colUsers.FindOne(mongoCtx, bson.M{"mail": email}).Decode(p)
if err == mongo.ErrNoDocuments {
return nil, err
} else if err != nil {
log.Fatal(err)
}
return p, nil
}
// getUserBySession returns a user with the same session as session from the DB
func getUserBySession(s *Session) (p *User, err error) {
p = &User{}
// Get only id and authtoken otherwise timestamp might be already overwritten
err = colUsers.FindOne(mongoCtx, bson.M{
"curr_session.id": s.ID,
"curr_session.auth_token": s.AuthToken,
}).Decode(p)
if err == mongo.ErrNoDocuments {
return nil, err
} else if err != nil {
log.Fatal(err)
}
return p, nil
}

1
go.mod
View File

@ -5,6 +5,7 @@ go 1.17
require go.mongodb.org/mongo-driver v1.7.3 require go.mongodb.org/mongo-driver v1.7.3
require ( require (
github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/go-stack/stack v1.8.0 // indirect github.com/go-stack/stack v1.8.0 // indirect
github.com/golang/snappy v0.0.1 // indirect github.com/golang/snappy v0.0.1 // indirect
github.com/klauspost/compress v1.13.6 // indirect github.com/klauspost/compress v1.13.6 // indirect

2
go.sum
View File

@ -2,6 +2,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=

5
web/templates/header.html
View File

@ -1,4 +1,9 @@
{{define "header"}} {{define "header"}}
<header> <header>
<nav>
<a href="/">home</a>
<a href="/admin_panel">admin</a>
<a href="/logout">logout</a>
</nav>
</header> </header>
{{end}} {{end}}

44
web/templates/login.html Normal file
View File

@ -0,0 +1,44 @@
{{define "body"}}
<form id="frm-login" method="post" action="/login">
<label for="inp-username">Participant ID:</label>
<input id="inp-username" name="username" type="text" value=""/>
<label for="inp-password">Password:</label>
<input id="inp-password" name="password" type="password" value=""/>
<input type="hidden" name="redirectTo" value="{{ .RedirectTo }}" />
<button>Login</button>
</form>
<div class="hidden" id="general-info"></div>
{{end}}
{{define "scripts"}}
<script>
let frm = document.getElementById("frm-login");
let infoBox = document.getElementById("general-info");
frm.addEventListener("submit", e => {
e.preventDefault();
let fd = new FormData(frm);
fetch("/login", {
method: "POST",
body: new URLSearchParams({
username: fd.get("username"),
password: fd.get("password")
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
}
}).then(res => {
if (res.status == 200) {
window.location = fd.get("redirectTo");
} else {
setInfo(infoBox, "Failure", "red", "grey1");
toggleHidden(infoBox, "off");
setTimeout(() => {
toggleHidden(infoBox, "on");
}, 2000);
}
})
})
</script>
<script src="/static/js/helper.js"></script>
{{end}}