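package management

import (
	"encoding/json"
	"log"
	"net/http"
	"path/filepath"
	"text/template"
	"time"

	"github.com/asaskevich/govalidator"
	"github.com/cr3a70r/shield/Utils"
	"github.com/gorilla/mux"
	"github.com/gorilla/securecookie"
)

// NOTE(review): text/template performs no HTML escaping, so any
// attacker-influenced value rendered by these handlers (for example fields
// inside Settings) is emitted verbatim. Switching to html/template is the
// usual remedy; confirm the contexts used in static/*.html before doing so.

// hashKey and blockKey authenticate and encrypt the "Shield" session cookie.
//
// NOTE(review): both keys are committed to source control, so anyone with
// read access to the repository can forge or decrypt session cookies. Load
// them from configuration or a secret store and rotate these values.
var hashKey = []byte("ckjstkldx-rlkjcmskl-rdlskjtmd")
var blockKey = []byte("opbckswle-sdnfekjtiw-dsmnwhekskd")

// secCookie encodes and decodes the "Shield" cookie with the keys above.
var secCookie = securecookie.New(hashKey, blockKey)

// StartWebserver registers the management UI routes and serves them on addr.
// It blocks until the server stops and then terminates the process through
// log.Fatal.
//
// Every page except the login form is wrapped in requireAuth; previously the
// middleware was defined but never attached, which left /config (a dump of
// Settings), /dashboard and /protection reachable without a session.
func StartWebserver(addr string) {
	router := mux.NewRouter()
	router.HandleFunc("/", renderIndex)
	router.Handle("/config", requireAuth(http.HandlerFunc(config)))
	router.Handle("/dashboard", requireAuth(http.HandlerFunc(dashboard)))
	router.Handle("/protection", requireAuth(http.HandlerFunc(protection)))

	srv := &http.Server{
		Addr:    addr,
		Handler: router,
		// Bound header reads so idle half-open connections cannot pin the
		// server indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
	}
	// NOTE(review): traffic is served over plain HTTP; credentials and the
	// session cookie are only protected if TLS is terminated in front of
	// this listener.
	log.Fatal(srv.ListenAndServe())
}

// health answers with a fixed JSON status. StartWebserver in this file does
// not register it on any route.
func health(writer http.ResponseWriter, req *http.Request) {
	Utils.RespondJSON("Unknown state", 200, writer)
}

// renderIndex serves the login form. A POST is treated as a login attempt:
// on success the client receives the "Shield" cookie and is redirected to
// /dashboard; on any failure the form is rendered again.
func renderIndex(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPost && handleLogin(w, r) {
		// The response (redirect or error) has already been written.
		return
	}

	parsedTemplate, err := template.ParseFiles("static/index.html")
	if err != nil {
		// A nil template would panic in Execute below.
		log.Println("Error parsing template :", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if err := parsedTemplate.Execute(w, ""); err != nil {
		log.Println("Error executing template :", err)
	}
}

// handleLogin validates the posted credentials and, when they are accepted,
// issues the session cookie and redirects to /dashboard. It reports whether a
// response has been written; false means the caller should render the login
// form again.
func handleLogin(w http.ResponseWriter, r *http.Request) bool {
	if err := r.ParseForm(); err != nil {
		log.Println("webserver.auth: malformed form:", err)
		return false
	}

	email := r.FormValue("Email")
	if !govalidator.IsEmail(email) {
		// Stop here rather than handing a malformed identifier to
		// CheckPassword and to the log lines below.
		log.Println("webserver.auth: email not found")
		return false
	}

	success, err := Settings.CheckPassword(email, r.FormValue("Password"))
	if err != nil {
		log.Println("webserver.auth: unseccessful auth ")
		log.Println(err)
		return false
	}
	if !success {
		return false
	}

	log.Println("webserver.auth: login")
	log.Println(email)

	// Only the identity goes into the cookie. The plaintext password is no
	// longer stored client-side; requireAuth, the only consumer visible in
	// this file, never reads it. NOTE(review): confirm nothing elsewhere in
	// the project expects a "password" key in the decoded value.
	encoded, err := secCookie.Encode("Shield", map[string]string{"email": email})
	if err != nil {
		// Do not persist or send an empty or partial cookie.
		log.Println("webserver.auth: failed to encode cookie")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return true
	}
	Settings.SaveCookie(email, encoded)

	http.SetCookie(w, &http.Cookie{
		Name:  "Shield",
		Value: encoded,
		Path:  "/",
		// Keep the token away from page scripts and from cross-site
		// subrequests. NOTE(review): also set Secure once the UI is only
		// reachable over HTTPS.
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
	return true
}

// renderStaticPage parses static/<page> together with static/template.html
// and executes the "template.html" template with data. tag prefixes the log
// line on failure. A parse failure yields a 500 instead of a nil-pointer
// panic in ExecuteTemplate.
func renderStaticPage(w http.ResponseWriter, tag, page string, data interface{}) {
	fpTemplate := filepath.Join("static", "template.html")
	fpPage := filepath.Join("static", page)

	tmpl, err := template.ParseFiles(fpPage, fpTemplate)
	if err != nil {
		log.Println(tag + ": " + err.Error())
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if err := tmpl.ExecuteTemplate(w, "template.html", data); err != nil {
		log.Println(tag + ": " + err.Error())
	}
}

// dashboard renders static/dashboard.html inside the shared layout.
func dashboard(w http.ResponseWriter, r *http.Request) {
	renderStaticPage(w, "webserver.dashboard", "dashboard.html", nil)
}

// protection renders static/protection.html inside the shared layout.
func protection(w http.ResponseWriter, r *http.Request) {
	renderStaticPage(w, "webserver.protection", "protection.html", nil)
}

// View is the data handed to config.html; Data holds the JSON text to show.
type View struct {
	Data string
}

// config renders static/config.html with the current Settings serialized as
// indented JSON.
//
// NOTE(review): the whole Settings value is serialized. If it carries
// credentials or the cookies stored by SaveCookie, they are shown to every
// authenticated viewer; consider marshalling a redacted copy.
func config(w http.ResponseWriter, r *http.Request) {
	bt, err := json.MarshalIndent(Settings, "", " ")
	if err != nil {
		log.Println("webserver.config: " + err.Error())
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	renderStaticPage(w, "webserver.config", "config.html", View{Data: string(bt)})
}

// requireAuth wraps h so that it only runs for requests carrying a "Shield"
// cookie that secCookie can decode, i.e. one produced with this server's
// keys. Any other request is logged and redirected to the login page.
//
// The previous version logged "access denied" when decoding succeeded and
// then called h unconditionally, so it never blocked anything.
func requireAuth(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cookie, err := r.Cookie("Shield")
		if err == nil {
			value := make(map[string]string)
			err = secCookie.Decode("Shield", cookie.Value, &value)
		}
		if err != nil {
			log.Println("webserver.requireAuth: unauthorized access denied " + r.RemoteAddr)
			http.Redirect(w, r, "/", http.StatusSeeOther)
			return
		}
		// NOTE(review): validity is decided by the cookie's signature alone;
		// no server-side revocation check is visible in this file.
		h.ServeHTTP(w, r)
	})
}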