feat: admin basic auth

rhnvrm · Apr 19, 2021 · 19a1abd · 19a1abd
1 parent 740c69b
commit 19a1abd
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 18 deletions.
diff --git a/admin.html b/admin.html
@@ -6,9 +6,9 @@
         <title>{{.Title}}</title>
         <meta name="description" content="{{.Intro}}">
         <meta name="viewport" content="width=device-width, initial-scale=1">
-        <link rel="stylesheet" href="static/css/normalize.css">
-        <link rel="stylesheet" href="static/css/skeleton.css">
-        <link rel="stylesheet" href="static/css/custom.css">
+        <link rel="stylesheet" href="/static/css/normalize.css">
+        <link rel="stylesheet" href="/static/css/skeleton.css">
+        <link rel="stylesheet" href="/static/css/custom.css">
     </head>
     <body>
         <div class="container">
@@ -23,12 +23,14 @@ <h5>{{.Intro}}</h5>
                 <a href="/admin/links/{{.ID}}/weight?action=up">Up</a> 
                 <a href="/admin/links/{{.ID}}/weight?action=down">Down</a> 
                 <a href="/admin/links/{{.ID}}/delete">Delete</a> 
+                <div>
+                    Hits: {{.Hits}} | Weight: {{.Weight}}
+                </div>
             </div>               
             <div class="row link">
-
                 <a href="{{.URL}}">
                 <div class="two columns">
-                    <img width="100%" src="{{.ImageURL}}">
+                    <img class="thumbnail" src="{{.ImageURL}}">
                 </div>
                 <div class="ten columns">
                     <span class="text">
@@ -38,11 +40,7 @@ <h5>{{.Intro}}</h5>
                 </a>
             </div>
 
-            <div class="stats">
-                <div>
-                    Hits: {{.Hits}} | Weight: {{.Weight}}
-                </div>
-            </div>
+
             {{ end }}
 
             <hr>

diff --git a/config.toml b/config.toml
@@ -7,3 +7,7 @@ dbfile="app.db"
 page_logo_url="https://cdn.campsite.bio/zerodha/f2a1839c-db97-480d-949b-005c74a490f0.jpg"
 page_title="Zerodha"
 page_intro="Your friendly neighbourhood broker, helping 3+ million Indians invest."
+
+[auth]
+username="username"
+password="password"
diff --git a/go.mod b/go.mod
@@ -7,4 +7,5 @@ require (
 	github.com/jmoiron/sqlx v1.3.3
 	github.com/knadh/koanf v0.16.0
 	github.com/mattn/go-sqlite3 v1.14.7
+	github.com/urfave/negroni v1.0.0
 )
diff --git a/go.sum b/go.sum
@@ -90,6 +90,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
+github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

diff --git a/home.html b/home.html
@@ -6,9 +6,9 @@
         <title>{{.Title}}</title>
         <meta name="description" content="{{.Intro}}">
         <meta name="viewport" content="width=device-width, initial-scale=1">
-        <link rel="stylesheet" href="static/css/normalize.css">
-        <link rel="stylesheet" href="static/css/skeleton.css">
-        <link rel="stylesheet" href="static/css/custom.css">
+        <link rel="stylesheet" href="/static/css/normalize.css">
+        <link rel="stylesheet" href="/static/css/skeleton.css">
+        <link rel="stylesheet" href="/static/css/custom.css">
     </head>
     <body>
         <div class="container">
@@ -21,7 +21,7 @@ <h5>{{.Intro}}</h5>
             <div class="row link">
                 <a href="{{.URL}}" ping="/hits/{{.ID}}">
                 <div class="two columns">
-                    <img width="100px" height="100px" src="{{.ImageURL}}">
+                    <img class="thumbnail" src="{{.ImageURL}}">
                 </div>
                 <div class="ten columns">
                     <span class="text">

diff --git a/main.go b/main.go
@@ -17,6 +17,7 @@ import (
 	"github.com/knadh/koanf/parsers/toml"
 	"github.com/knadh/koanf/providers/file"
 	_ "github.com/mattn/go-sqlite3"
+	"github.com/urfave/negroni"
 )
 
 type Config struct {
@@ -29,6 +30,13 @@ type Config struct {
 	PageLogoURL string `koanf:"page_logo_url"`
 	PageTitle   string `koanf:"page_title"`
 	PageIntro   string `koanf:"page_intro"`
+
+	Auth CfgAuth `koanf:"auth"`
+}
+
+type CfgAuth struct {
+	Username string `koanf:"username"`
+	Password string `koanf:"password"`
 }
 
 type App struct {
@@ -197,6 +205,21 @@ func writeInternalServerErr(w http.ResponseWriter) {
 	w.Write([]byte("500 - Internal Server Error!"))
 }
 
+func basicAuth(cfg Config) negroni.HandlerFunc {
+	return negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+		user, pass, _ := r.BasicAuth()
+
+		log.Println("DBG", user, pass, cfg.Auth.Username, cfg.Auth.Password)
+		if cfg.Auth.Username != user || cfg.Auth.Password != pass {
+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
+			http.Error(w, "Unauthorized.", http.StatusUnauthorized)
+			return
+		}
+
+		next(w, r)
+	})
+}
+
 func main() {
 	cfg := initConfig("config.toml")
 
@@ -222,6 +245,11 @@ func main() {
 	app.UpdateLinks()
 
 	r := mux.NewRouter()
+	admin := mux.NewRouter().PathPrefix("/admin").Subrouter().StrictSlash(true)
+	r.PathPrefix("/admin").Handler(negroni.New(
+		negroni.HandlerFunc(basicAuth(cfg)),
+		negroni.Wrap(admin),
+	))
 
 	r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		if err := app.Templates.Home.Write(w); err != nil {
@@ -252,15 +280,15 @@ func main() {
 		}
 	})
 
-	r.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) {
+	admin.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		app.UpdateLinks()
 		if err := app.Templates.Admin.Execute(w, app.Data); err != nil {
 			log.Printf("error while writing template: %v", err)
 			writeInternalServerErr(w)
 		}
 	})
 
-	r.HandleFunc("/admin/links/{id}/weight", func(w http.ResponseWriter, r *http.Request) {
+	admin.HandleFunc("/links/{id}/weight", func(w http.ResponseWriter, r *http.Request) {
 		keys, ok := r.URL.Query()["action"]
 
 		if !ok || len(keys[0]) < 1 {
@@ -303,7 +331,7 @@ func main() {
 		http.Redirect(w, r, "/admin", http.StatusSeeOther)
 	})
 
-	r.HandleFunc("/admin/links/{id}/delete", func(w http.ResponseWriter, r *http.Request) {
+	admin.HandleFunc("/links/{id}/delete", func(w http.ResponseWriter, r *http.Request) {
 		rawID, ok := mux.Vars(r)["id"]
 		if !ok {
 			// TODO handle err
@@ -336,7 +364,7 @@ func main() {
 		http.Redirect(w, r, "/admin", http.StatusSeeOther)
 	})
 
-	r.HandleFunc("/admin/links/new", func(w http.ResponseWriter, r *http.Request) {
+	admin.HandleFunc("/links/new", func(w http.ResponseWriter, r *http.Request) {
 		r.ParseForm()
 
 		text := r.Form.Get("text")
@@ -368,5 +396,6 @@ func main() {
 		ReadTimeout:  cfg.WriteTimeout,
 	}
 
+	log.Printf("starting server at", cfg.HTTPAddr)
 	log.Fatal(srv.ListenAndServe())
 }
diff --git a/static/css/custom.css b/static/css/custom.css
@@ -20,3 +20,10 @@
 .text {
   line-height: 100px;
 }
+.thumbnail {
+  width: 100px;
+  height: 100px;
+}
+.stats {
+  margin-top: 10px;
+}