114 lines
2.9 KiB
Go
114 lines
2.9 KiB
Go
package api
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"crypto/subtle"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"energy-frontend/internal/config"
|
|
)
|
|
|
|
const (
|
|
cookieName = "energy_session"
|
|
cookieMaxAge = 7 * 24 * 3600 // 7 days
|
|
cookiePath = "/energy"
|
|
)
|
|
|
|
type authHandler struct {
|
|
cfg config.AuthConfig
|
|
}
|
|
|
|
func newAuthHandler(cfg config.AuthConfig) *authHandler {
|
|
return &authHandler{cfg: cfg}
|
|
}
|
|
|
|
func (h *authHandler) loginHandler(w http.ResponseWriter, r *http.Request) {
|
|
var req struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid request"})
|
|
return
|
|
}
|
|
|
|
if subtle.ConstantTimeCompare([]byte(req.Username), []byte(h.cfg.Username)) != 1 ||
|
|
subtle.ConstantTimeCompare([]byte(req.Password), []byte(h.cfg.Password)) != 1 {
|
|
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "invalid credentials"})
|
|
return
|
|
}
|
|
|
|
http.SetCookie(w, h.createSessionCookie(req.Username))
|
|
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
func (h *authHandler) logoutHandler(w http.ResponseWriter, r *http.Request) {
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: cookieName,
|
|
Value: "",
|
|
Path: cookiePath,
|
|
MaxAge: -1,
|
|
HttpOnly: true,
|
|
SameSite: http.SameSiteLaxMode,
|
|
})
|
|
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
func (h *authHandler) checkHandler(w http.ResponseWriter, r *http.Request) {
|
|
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
func (h *authHandler) middleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
cookie, err := r.Cookie(cookieName)
|
|
if err != nil || !h.validateSession(cookie.Value) {
|
|
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func (h *authHandler) createSessionCookie(username string) *http.Cookie {
|
|
expires := time.Now().Add(time.Duration(cookieMaxAge) * time.Second)
|
|
payload := fmt.Sprintf("%s|%d", username, expires.Unix())
|
|
sig := h.sign(payload)
|
|
return &http.Cookie{
|
|
Name: cookieName,
|
|
Value: fmt.Sprintf("%s|%s", payload, sig),
|
|
Path: cookiePath,
|
|
MaxAge: cookieMaxAge,
|
|
HttpOnly: true,
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
}
|
|
|
|
func (h *authHandler) validateSession(value string) bool {
|
|
parts := strings.SplitN(value, "|", 3)
|
|
if len(parts) != 3 {
|
|
return false
|
|
}
|
|
payload := parts[0] + "|" + parts[1]
|
|
if !hmac.Equal([]byte(h.sign(payload)), []byte(parts[2])) {
|
|
return false
|
|
}
|
|
exp, err := strconv.ParseInt(parts[1], 10, 64)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return time.Now().Unix() < exp
|
|
}
|
|
|
|
func (h *authHandler) sign(payload string) string {
|
|
mac := hmac.New(sha256.New, []byte(h.cfg.Secret))
|
|
mac.Write([]byte(payload))
|
|
return hex.EncodeToString(mac.Sum(nil))
|
|
}
|