Compare commits
2 commits
edc0c0c036
...
da7925ae08
Author | SHA1 | Date | |
---|---|---|---|
da7925ae08 | |||
2bffdcdcf7 |
5 changed files with 275 additions and 7 deletions
|
@ -102,6 +102,15 @@ func (c *Context) GetHeader(key string) string {
|
||||||
return c.Request.httpRequest.Header.Get(key)
|
return c.Request.httpRequest.Header.Get(key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Context) GetCookie() (UserCookie, error) {
|
||||||
|
|
||||||
|
user, err := GetCookie(c.Request.httpRequest)
|
||||||
|
if err != nil {
|
||||||
|
return user, err
|
||||||
|
}
|
||||||
|
return user, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Context) GetUploadedFile(name string) *UploadedFileInfo {
|
func (c *Context) GetUploadedFile(name string) *UploadedFileInfo {
|
||||||
file, fileHeader, err := c.Request.httpRequest.FormFile(name)
|
file, fileHeader, err := c.Request.httpRequest.FormFile(name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
238
cookies.go
Normal file
238
cookies.go
Normal file
|
@ -0,0 +1,238 @@
|
||||||
|
// Copyright (c) 2024 Zeni Kim <zenik@smarteching.com>
|
||||||
|
// Use of this source code is governed by MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package core
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/aes"
|
||||||
|
"crypto/cipher"
|
||||||
|
|
||||||
|
"bytes"
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/gob"
|
||||||
|
"encoding/hex"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
ErrValueTooLong = errors.New("cookie value too long")
|
||||||
|
ErrInvalidValue = errors.New("invalid cookie value")
|
||||||
|
)
|
||||||
|
|
||||||
|
// Declare the User type.
|
||||||
|
type UserCookie struct {
|
||||||
|
Email string
|
||||||
|
Token string
|
||||||
|
}
|
||||||
|
|
||||||
|
var secretcookie []byte
|
||||||
|
|
||||||
|
func GetCookie(r *http.Request) (UserCookie, error) {
|
||||||
|
|
||||||
|
var err error
|
||||||
|
// Create a new instance of a User type.
|
||||||
|
var user UserCookie
|
||||||
|
|
||||||
|
secretcookie, err = hex.DecodeString("13d6b4dff8f84a10851021ec8608f814570d562c92fe6b5ec4c9f595bcb3234b")
|
||||||
|
if err != nil {
|
||||||
|
return user, err
|
||||||
|
}
|
||||||
|
|
||||||
|
gobEncodedValue, err := CookieReadEncrypted(r, "goffee", secretcookie)
|
||||||
|
if err != nil {
|
||||||
|
return user, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create an strings.Reader containing the gob-encoded value.
|
||||||
|
reader := strings.NewReader(gobEncodedValue)
|
||||||
|
|
||||||
|
// Decode it into the User type. Notice that we need to pass a *pointer* to
|
||||||
|
// the Decode() target here?
|
||||||
|
if err := gob.NewDecoder(reader).Decode(&user); err != nil {
|
||||||
|
return user, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return user, nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func SetCookie(w http.ResponseWriter, email string, token string) error {
|
||||||
|
// Initialize a User struct containing the data that we want to store in the
|
||||||
|
// cookie.
|
||||||
|
var err error
|
||||||
|
|
||||||
|
secretcookie, err = hex.DecodeString("13d6b4dff8f84a10851021ec8608f814570d562c92fe6b5ec4c9f595bcb3234b")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
user := UserCookie{Email: email, Token: token}
|
||||||
|
|
||||||
|
// Initialize a buffer to hold the gob-encoded data.
|
||||||
|
var buf bytes.Buffer
|
||||||
|
|
||||||
|
// Gob-encode the user data, storing the encoded output in the buffer.
|
||||||
|
err = gob.NewEncoder(&buf).Encode(&user)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Call buf.String() to get the gob-encoded value as a string and set it as
|
||||||
|
// the cookie value.
|
||||||
|
cookie := http.Cookie{
|
||||||
|
Name: "goffee",
|
||||||
|
Value: buf.String(),
|
||||||
|
Path: "/",
|
||||||
|
MaxAge: 3600,
|
||||||
|
HttpOnly: true,
|
||||||
|
Secure: true,
|
||||||
|
SameSite: http.SameSiteLaxMode,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write an encrypted cookie containing the gob-encoded data as normal.
|
||||||
|
err = CookieWriteEncrypted(w, cookie, secretcookie)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("Cookie set %v\n", email)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func CookieWrite(w http.ResponseWriter, cookie http.Cookie) error {
|
||||||
|
// Encode the cookie value using base64.
|
||||||
|
cookie.Value = base64.URLEncoding.EncodeToString([]byte(cookie.Value))
|
||||||
|
|
||||||
|
// Check the total length of the cookie contents. Return the ErrValueTooLong
|
||||||
|
// error if it's more than 4096 bytes.
|
||||||
|
if len(cookie.String()) > 4096 {
|
||||||
|
return ErrValueTooLong
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write the cookie as normal.
|
||||||
|
http.SetCookie(w, &cookie)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func CookieRead(r *http.Request, name string) (string, error) {
|
||||||
|
// Read the cookie as normal.
|
||||||
|
cookie, err := r.Cookie(name)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decode the base64-encoded cookie value. If the cookie didn't contain a
|
||||||
|
// valid base64-encoded value, this operation will fail and we return an
|
||||||
|
// ErrInvalidValue error.
|
||||||
|
value, err := base64.URLEncoding.DecodeString(cookie.Value)
|
||||||
|
if err != nil {
|
||||||
|
return "", ErrInvalidValue
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return the decoded cookie value.
|
||||||
|
return string(value), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func CookieWriteEncrypted(w http.ResponseWriter, cookie http.Cookie, secretKey []byte) error {
|
||||||
|
// Create a new AES cipher block from the secret key.
|
||||||
|
block, err := aes.NewCipher(secretKey)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Wrap the cipher block in Galois Counter Mode.
|
||||||
|
aesGCM, err := cipher.NewGCM(block)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create a unique nonce containing 12 random bytes.
|
||||||
|
nonce := make([]byte, aesGCM.NonceSize())
|
||||||
|
_, err = io.ReadFull(rand.Reader, nonce)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prepare the plaintext input for encryption. Because we want to
|
||||||
|
// authenticate the cookie name as well as the value, we make this plaintext
|
||||||
|
// in the format "{cookie name}:{cookie value}". We use the : character as a
|
||||||
|
// separator because it is an invalid character for cookie names and
|
||||||
|
// therefore shouldn't appear in them.
|
||||||
|
plaintext := fmt.Sprintf("%s:%s", cookie.Name, cookie.Value)
|
||||||
|
|
||||||
|
// Encrypt the data using aesGCM.Seal(). By passing the nonce as the first
|
||||||
|
// parameter, the encrypted data will be appended to the nonce — meaning
|
||||||
|
// that the returned encryptedValue variable will be in the format
|
||||||
|
// "{nonce}{encrypted plaintext data}".
|
||||||
|
encryptedValue := aesGCM.Seal(nonce, nonce, []byte(plaintext), nil)
|
||||||
|
|
||||||
|
// Set the cookie value to the encryptedValue.
|
||||||
|
cookie.Value = string(encryptedValue)
|
||||||
|
|
||||||
|
// Write the cookie as normal.
|
||||||
|
return CookieWrite(w, cookie)
|
||||||
|
}
|
||||||
|
|
||||||
|
func CookieReadEncrypted(r *http.Request, name string, secretKey []byte) (string, error) {
|
||||||
|
// Read the encrypted value from the cookie as normal.
|
||||||
|
encryptedValue, err := CookieRead(r, name)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create a new AES cipher block from the secret key.
|
||||||
|
block, err := aes.NewCipher(secretKey)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Wrap the cipher block in Galois Counter Mode.
|
||||||
|
aesGCM, err := cipher.NewGCM(block)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the nonce size.
|
||||||
|
nonceSize := aesGCM.NonceSize()
|
||||||
|
|
||||||
|
// To avoid a potential 'index out of range' panic in the next step, we
|
||||||
|
// check that the length of the encrypted value is at least the nonce
|
||||||
|
// size.
|
||||||
|
if len(encryptedValue) < nonceSize {
|
||||||
|
return "", ErrInvalidValue
|
||||||
|
}
|
||||||
|
|
||||||
|
// Split apart the nonce from the actual encrypted data.
|
||||||
|
nonce := encryptedValue[:nonceSize]
|
||||||
|
ciphertext := encryptedValue[nonceSize:]
|
||||||
|
|
||||||
|
// Use aesGCM.Open() to decrypt and authenticate the data. If this fails,
|
||||||
|
// return a ErrInvalidValue error.
|
||||||
|
plaintext, err := aesGCM.Open(nil, []byte(nonce), []byte(ciphertext), nil)
|
||||||
|
if err != nil {
|
||||||
|
return "", ErrInvalidValue
|
||||||
|
}
|
||||||
|
|
||||||
|
// The plaintext value is in the format "{cookie name}:{cookie value}". We
|
||||||
|
// use strings.Cut() to split it on the first ":" character.
|
||||||
|
expectedName, value, ok := strings.Cut(string(plaintext), ":")
|
||||||
|
if !ok {
|
||||||
|
return "", ErrInvalidValue
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check that the cookie name is the expected one and hasn't been changed.
|
||||||
|
if expectedName != name {
|
||||||
|
return "", ErrInvalidValue
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return the plaintext cookie value.
|
||||||
|
return value, nil
|
||||||
|
}
|
8
core.go
8
core.go
|
@ -98,9 +98,7 @@ func (app *App) Run(router *httprouter.Router) {
|
||||||
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
|
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
|
||||||
// if enabled,
|
// if enabled,
|
||||||
if TemplateEnable {
|
if TemplateEnable {
|
||||||
// add public path
|
router.ServeFiles("/public/*filepath", http.Dir("storage/public"))
|
||||||
publicPath := os.Getenv("TEMPLATE_PUBLIC")
|
|
||||||
router.ServeFiles("/public/*filepath", http.Dir(publicPath))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
useHttpsStr := os.Getenv("App_USE_HTTPS")
|
useHttpsStr := os.Getenv("App_USE_HTTPS")
|
||||||
|
@ -183,6 +181,7 @@ func (app *App) RegisterRoutes(routes []Route, router *httprouter.Router) *httpr
|
||||||
|
|
||||||
func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Handle {
|
func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Handle {
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
||||||
ctx := &Context{
|
ctx := &Context{
|
||||||
Request: &Request{
|
Request: &Request{
|
||||||
httpRequest: r,
|
httpRequest: r,
|
||||||
|
@ -206,11 +205,13 @@ func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Ha
|
||||||
GetEventsManager: resolveEventsManager(),
|
GetEventsManager: resolveEventsManager(),
|
||||||
GetLogger: resolveLogger(),
|
GetLogger: resolveLogger(),
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.prepare(ctx)
|
ctx.prepare(ctx)
|
||||||
rhs := app.combHandlers(h, ms)
|
rhs := app.combHandlers(h, ms)
|
||||||
app.prepareChain(rhs)
|
app.prepareChain(rhs)
|
||||||
app.t = 0
|
app.t = 0
|
||||||
app.chain.execute(ctx)
|
app.chain.execute(ctx)
|
||||||
|
|
||||||
for _, header := range ctx.Response.headers {
|
for _, header := range ctx.Response.headers {
|
||||||
w.Header().Add(header.key, header.val)
|
w.Header().Add(header.key, header.val)
|
||||||
}
|
}
|
||||||
|
@ -223,6 +224,7 @@ func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Ha
|
||||||
} else {
|
} else {
|
||||||
ct = CONTENT_TYPE_HTML
|
ct = CONTENT_TYPE_HTML
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Add(CONTENT_TYPE, ct)
|
w.Header().Add(CONTENT_TYPE, ct)
|
||||||
if ctx.Response.statusCode != 0 {
|
if ctx.Response.statusCode != 0 {
|
||||||
w.WriteHeader(ctx.Response.statusCode)
|
w.WriteHeader(ctx.Response.statusCode)
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
{{define "head"}}
|
{{define "head"}}
|
||||||
<head>
|
<head>
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta name="viewport" content="initial-scale=1, viewport-fit=cover, width=device-width, maximum-scale=1.0, minimum-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||||
<title>{{.}} | Goffee</title>
|
<title>{{.}} | Goffee</title>
|
||||||
<link href="/public/style.css" rel="stylesheet">
|
<link rel="stylesheet" href="/public/style.css">
|
||||||
|
<link rel="icon" href="/public/img/favicon.ico" type="image/x-icon">
|
||||||
</head>
|
</head>
|
||||||
{{end}}
|
{{end}}
|
17
template/components/page.html
Normal file
17
template/components/page.html
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||||
|
<title>My Website</title>
|
||||||
|
<link rel="stylesheet" href="./style.css">
|
||||||
|
<link rel="icon" href="./favicon.ico" type="image/x-icon">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<main>
|
||||||
|
<h1>Welcome to My Website</h1>
|
||||||
|
</main>
|
||||||
|
<script src="index.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
Loading…
Reference in a new issue