Merge branch 'dev' into feature/blog
THAT WAS PAINFUL!
This commit is contained in:
commit
3e5ecb9372
GPG key ID:
CF99829C92678188
99 changed files with 2029 additions and 1010 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
"net/url"
|
||||
"os"
|
||||
|
||||
"arimelody-web/admin/core"
|
||||
"arimelody-web/admin/templates"
|
||||
"arimelody-web/controller"
|
||||
"arimelody-web/log"
|
||||
|
|
@ -20,12 +21,12 @@ func Handler(app *model.AppState) http.Handler {
|
|||
|
||||
mux.Handle("/", accountIndexHandler(app))
|
||||
|
||||
mux.Handle("/totp-setup", totpSetupHandler(app))
|
||||
mux.Handle("/totp-confirm", totpConfirmHandler(app))
|
||||
mux.Handle("/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app)))
|
||||
mux.Handle("/account/totp-setup", totpSetupHandler(app))
|
||||
mux.Handle("/account/totp-confirm", totpConfirmHandler(app))
|
||||
mux.Handle("/account/totp-delete", http.StripPrefix("/totp-delete", totpDeleteHandler(app)))
|
||||
|
||||
mux.Handle("/password", changePasswordHandler(app))
|
||||
mux.Handle("/delete", deleteAccountHandler(app))
|
||||
mux.Handle("/account/password", changePasswordHandler(app))
|
||||
mux.Handle("/account/delete", deleteAccountHandler(app))
|
||||
|
||||
return mux
|
||||
}
|
||||
|
|
@ -47,7 +48,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
|
|||
}
|
||||
|
||||
accountResponse struct {
|
||||
Session *model.Session
|
||||
core.AdminPageData
|
||||
TOTPs []TOTP
|
||||
}
|
||||
)
|
||||
|
|
@ -68,7 +69,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
|
|||
session.Error = sessionError
|
||||
|
||||
err = templates.AccountTemplate.Execute(w, accountResponse{
|
||||
Session: session,
|
||||
AdminPageData: core.AdminPageData{ Path: r.URL.Path, Session: session },
|
||||
TOTPs: totps,
|
||||
})
|
||||
if err != nil {
|
||||
|
|
@ -172,7 +173,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
|
|||
}
|
||||
|
||||
type totpConfirmData struct {
|
||||
Session *model.Session
|
||||
core.AdminPageData
|
||||
TOTP *model.TOTP
|
||||
NameEscaped string
|
||||
QRBase64Image string
|
||||
|
|
@ -181,13 +182,9 @@ type totpConfirmData struct {
|
|||
func totpSetupHandler(app *model.AppState) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodGet {
|
||||
type totpSetupData struct {
|
||||
Session *model.Session
|
||||
}
|
||||
|
||||
session := r.Context().Value("session").(*model.Session)
|
||||
|
||||
err := templates.TotpSetupTemplate.Execute(w, totpSetupData{ Session: session })
|
||||
err := templates.TOTPSetupTemplate.Execute(w, core.AdminPageData{ Path: "/account", Session: session })
|
||||
if err != nil {
|
||||
fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
|
@ -224,7 +221,9 @@ func totpSetupHandler(app *model.AppState) http.Handler {
|
|||
if err != nil {
|
||||
fmt.Printf("WARN: Failed to create TOTP method: %s\n", err)
|
||||
controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
|
||||
err := templates.TotpSetupTemplate.Execute(w, totpConfirmData{ Session: session })
|
||||
err := templates.TOTPSetupTemplate.Execute(w, totpConfirmData{
|
||||
AdminPageData: core.AdminPageData{ Path: r.URL.Path, Session: session },
|
||||
})
|
||||
if err != nil {
|
||||
fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
|
@ -238,8 +237,8 @@ func totpSetupHandler(app *model.AppState) http.Handler {
|
|||
fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
|
||||
}
|
||||
|
||||
err = templates.TotpConfirmTemplate.Execute(w, totpConfirmData{
|
||||
Session: session,
|
||||
err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
|
||||
AdminPageData: core.AdminPageData{ Path: r.URL.Path, Session: session },
|
||||
TOTP: &totp,
|
||||
NameEscaped: url.PathEscape(totp.Name),
|
||||
QRBase64Image: qrBase64Image,
|
||||
|
|
@ -270,11 +269,6 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
|
|||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
code := r.FormValue("totp")
|
||||
if len(code) != controller.TOTP_CODE_LENGTH {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
totp, err := controller.GetTOTP(app.DB, session.Account.ID, name)
|
||||
if err != nil {
|
||||
|
|
@ -294,23 +288,22 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
|
|||
fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
|
||||
}
|
||||
|
||||
code := r.FormValue("totp")
|
||||
confirmCode := controller.GenerateTOTP(totp.Secret, 0)
|
||||
if code != confirmCode {
|
||||
confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
|
||||
if code != confirmCodeOffset {
|
||||
session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
|
||||
err = templates.TotpConfirmTemplate.Execute(w, totpConfirmData{
|
||||
Session: session,
|
||||
TOTP: totp,
|
||||
NameEscaped: url.PathEscape(totp.Name),
|
||||
QRBase64Image: qrBase64Image,
|
||||
})
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err)
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
|
||||
if len(code) != controller.TOTP_CODE_LENGTH || (code != confirmCode && code != confirmCodeOffset) {
|
||||
session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
|
||||
err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
|
||||
AdminPageData: core.AdminPageData{ Path: r.URL.Path, Session: session },
|
||||
TOTP: totp,
|
||||
NameEscaped: url.PathEscape(totp.Name),
|
||||
QRBase64Image: qrBase64Image,
|
||||
})
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err)
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
err = controller.ConfirmTOTP(app.DB, session.Account.ID, name)
|
||||
|
|
@ -331,18 +324,23 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
|
|||
|
||||
func totpDeleteHandler(app *model.AppState) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodGet {
|
||||
if r.Method != http.MethodPost {
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if len(r.URL.Path) < 2 {
|
||||
session := r.Context().Value("session").(*model.Session)
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
name := r.FormValue("totp-name")
|
||||
if len(name) == 0 {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
name := r.URL.Path[1:]
|
||||
|
||||
session := r.Context().Value("session").(*model.Session)
|
||||
|
||||
totp, err := controller.GetTOTP(app.DB, session.Account.ID, name)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue