Compare commits

..

2 commits

5 changed files with 275 additions and 7 deletions

View file

@ -102,6 +102,15 @@ func (c *Context) GetHeader(key string) string {
return c.Request.httpRequest.Header.Get(key) return c.Request.httpRequest.Header.Get(key)
} }
func (c *Context) GetCookie() (UserCookie, error) {
user, err := GetCookie(c.Request.httpRequest)
if err != nil {
return user, err
}
return user, nil
}
func (c *Context) GetUploadedFile(name string) *UploadedFileInfo { func (c *Context) GetUploadedFile(name string) *UploadedFileInfo {
file, fileHeader, err := c.Request.httpRequest.FormFile(name) file, fileHeader, err := c.Request.httpRequest.FormFile(name)
if err != nil { if err != nil {

238
cookies.go Normal file
View file

@ -0,0 +1,238 @@
// Copyright (c) 2024 Zeni Kim <zenik@smarteching.com>
// Use of this source code is governed by MIT-style
// license that can be found in the LICENSE file.
package core
import (
"crypto/aes"
"crypto/cipher"
"bytes"
"crypto/rand"
"encoding/base64"
"encoding/gob"
"encoding/hex"
"errors"
"fmt"
"io"
"net/http"
"strings"
)
var (
ErrValueTooLong = errors.New("cookie value too long")
ErrInvalidValue = errors.New("invalid cookie value")
)
// Declare the User type.
type UserCookie struct {
Email string
Token string
}
var secretcookie []byte
func GetCookie(r *http.Request) (UserCookie, error) {
var err error
// Create a new instance of a User type.
var user UserCookie
secretcookie, err = hex.DecodeString("13d6b4dff8f84a10851021ec8608f814570d562c92fe6b5ec4c9f595bcb3234b")
if err != nil {
return user, err
}
gobEncodedValue, err := CookieReadEncrypted(r, "goffee", secretcookie)
if err != nil {
return user, err
}
// Create an strings.Reader containing the gob-encoded value.
reader := strings.NewReader(gobEncodedValue)
// Decode it into the User type. Notice that we need to pass a *pointer* to
// the Decode() target here?
if err := gob.NewDecoder(reader).Decode(&user); err != nil {
return user, err
}
return user, nil
}
func SetCookie(w http.ResponseWriter, email string, token string) error {
// Initialize a User struct containing the data that we want to store in the
// cookie.
var err error
secretcookie, err = hex.DecodeString("13d6b4dff8f84a10851021ec8608f814570d562c92fe6b5ec4c9f595bcb3234b")
if err != nil {
return err
}
user := UserCookie{Email: email, Token: token}
// Initialize a buffer to hold the gob-encoded data.
var buf bytes.Buffer
// Gob-encode the user data, storing the encoded output in the buffer.
err = gob.NewEncoder(&buf).Encode(&user)
if err != nil {
return err
}
// Call buf.String() to get the gob-encoded value as a string and set it as
// the cookie value.
cookie := http.Cookie{
Name: "goffee",
Value: buf.String(),
Path: "/",
MaxAge: 3600,
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
}
// Write an encrypted cookie containing the gob-encoded data as normal.
err = CookieWriteEncrypted(w, cookie, secretcookie)
if err != nil {
return err
}
fmt.Printf("Cookie set %v\n", email)
return nil
}
func CookieWrite(w http.ResponseWriter, cookie http.Cookie) error {
// Encode the cookie value using base64.
cookie.Value = base64.URLEncoding.EncodeToString([]byte(cookie.Value))
// Check the total length of the cookie contents. Return the ErrValueTooLong
// error if it's more than 4096 bytes.
if len(cookie.String()) > 4096 {
return ErrValueTooLong
}
// Write the cookie as normal.
http.SetCookie(w, &cookie)
return nil
}
func CookieRead(r *http.Request, name string) (string, error) {
// Read the cookie as normal.
cookie, err := r.Cookie(name)
if err != nil {
return "", err
}
// Decode the base64-encoded cookie value. If the cookie didn't contain a
// valid base64-encoded value, this operation will fail and we return an
// ErrInvalidValue error.
value, err := base64.URLEncoding.DecodeString(cookie.Value)
if err != nil {
return "", ErrInvalidValue
}
// Return the decoded cookie value.
return string(value), nil
}
func CookieWriteEncrypted(w http.ResponseWriter, cookie http.Cookie, secretKey []byte) error {
// Create a new AES cipher block from the secret key.
block, err := aes.NewCipher(secretKey)
if err != nil {
return err
}
// Wrap the cipher block in Galois Counter Mode.
aesGCM, err := cipher.NewGCM(block)
if err != nil {
return err
}
// Create a unique nonce containing 12 random bytes.
nonce := make([]byte, aesGCM.NonceSize())
_, err = io.ReadFull(rand.Reader, nonce)
if err != nil {
return err
}
// Prepare the plaintext input for encryption. Because we want to
// authenticate the cookie name as well as the value, we make this plaintext
// in the format "{cookie name}:{cookie value}". We use the : character as a
// separator because it is an invalid character for cookie names and
// therefore shouldn't appear in them.
plaintext := fmt.Sprintf("%s:%s", cookie.Name, cookie.Value)
// Encrypt the data using aesGCM.Seal(). By passing the nonce as the first
// parameter, the encrypted data will be appended to the nonce — meaning
// that the returned encryptedValue variable will be in the format
// "{nonce}{encrypted plaintext data}".
encryptedValue := aesGCM.Seal(nonce, nonce, []byte(plaintext), nil)
// Set the cookie value to the encryptedValue.
cookie.Value = string(encryptedValue)
// Write the cookie as normal.
return CookieWrite(w, cookie)
}
func CookieReadEncrypted(r *http.Request, name string, secretKey []byte) (string, error) {
// Read the encrypted value from the cookie as normal.
encryptedValue, err := CookieRead(r, name)
if err != nil {
return "", err
}
// Create a new AES cipher block from the secret key.
block, err := aes.NewCipher(secretKey)
if err != nil {
return "", err
}
// Wrap the cipher block in Galois Counter Mode.
aesGCM, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
// Get the nonce size.
nonceSize := aesGCM.NonceSize()
// To avoid a potential 'index out of range' panic in the next step, we
// check that the length of the encrypted value is at least the nonce
// size.
if len(encryptedValue) < nonceSize {
return "", ErrInvalidValue
}
// Split apart the nonce from the actual encrypted data.
nonce := encryptedValue[:nonceSize]
ciphertext := encryptedValue[nonceSize:]
// Use aesGCM.Open() to decrypt and authenticate the data. If this fails,
// return a ErrInvalidValue error.
plaintext, err := aesGCM.Open(nil, []byte(nonce), []byte(ciphertext), nil)
if err != nil {
return "", ErrInvalidValue
}
// The plaintext value is in the format "{cookie name}:{cookie value}". We
// use strings.Cut() to split it on the first ":" character.
expectedName, value, ok := strings.Cut(string(plaintext), ":")
if !ok {
return "", ErrInvalidValue
}
// Check that the cookie name is the expected one and hasn't been changed.
if expectedName != name {
return "", ErrInvalidValue
}
// Return the plaintext cookie value.
return value, nil
}

View file

@ -98,9 +98,7 @@ func (app *App) Run(router *httprouter.Router) {
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr) TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
// if enabled, // if enabled,
if TemplateEnable { if TemplateEnable {
// add public path router.ServeFiles("/public/*filepath", http.Dir("storage/public"))
publicPath := os.Getenv("TEMPLATE_PUBLIC")
router.ServeFiles("/public/*filepath", http.Dir(publicPath))
} }
useHttpsStr := os.Getenv("App_USE_HTTPS") useHttpsStr := os.Getenv("App_USE_HTTPS")
@ -183,6 +181,7 @@ func (app *App) RegisterRoutes(routes []Route, router *httprouter.Router) *httpr
func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Handle { func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
ctx := &Context{ ctx := &Context{
Request: &Request{ Request: &Request{
httpRequest: r, httpRequest: r,
@ -206,11 +205,13 @@ func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Ha
GetEventsManager: resolveEventsManager(), GetEventsManager: resolveEventsManager(),
GetLogger: resolveLogger(), GetLogger: resolveLogger(),
} }
ctx.prepare(ctx) ctx.prepare(ctx)
rhs := app.combHandlers(h, ms) rhs := app.combHandlers(h, ms)
app.prepareChain(rhs) app.prepareChain(rhs)
app.t = 0 app.t = 0
app.chain.execute(ctx) app.chain.execute(ctx)
for _, header := range ctx.Response.headers { for _, header := range ctx.Response.headers {
w.Header().Add(header.key, header.val) w.Header().Add(header.key, header.val)
} }
@ -223,6 +224,7 @@ func (app *App) makeHTTPRouterHandlerFunc(h Controller, ms []Hook) httprouter.Ha
} else { } else {
ct = CONTENT_TYPE_HTML ct = CONTENT_TYPE_HTML
} }
w.Header().Add(CONTENT_TYPE, ct) w.Header().Add(CONTENT_TYPE, ct)
if ctx.Response.statusCode != 0 { if ctx.Response.statusCode != 0 {
w.WriteHeader(ctx.Response.statusCode) w.WriteHeader(ctx.Response.statusCode)

View file

@ -1,8 +1,10 @@
{{define "head"}} {{define "head"}}
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="initial-scale=1, viewport-fit=cover, width=device-width, maximum-scale=1.0, minimum-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{.}} | Goffee</title> <meta http-equiv="X-UA-Compatible" content="ie=edge">
<link href="/public/style.css" rel="stylesheet"> <title>{{.}} | Goffee</title>
<link rel="stylesheet" href="/public/style.css">
<link rel="icon" href="/public/img/favicon.ico" type="image/x-icon">
</head> </head>
{{end}} {{end}}

View file

@ -0,0 +1,17 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>My Website</title>
<link rel="stylesheet" href="./style.css">
<link rel="icon" href="./favicon.ico" type="image/x-icon">
</head>
<body>
<main>
<h1>Welcome to My Website</h1>
</main>
<script src="index.js"></script>
</body>
</html>