rageshake: Add file server with basic auth #3169
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,13 @@ | ||
| // Run a web server capable of dumping bug reports sent by Riot. | ||
| // Requires Go 1.5+ | ||
| // Usage: BUGS_USER=user BUGS_PASS=password go run rageshake.go PORT | ||
| // Example: BUGS_USER=alice BUGS_PASS=secret go run rageshake.go 8080 | ||
| package main | ||
|
|
||
| import ( | ||
| "bytes" | ||
| "compress/gzip" | ||
| "crypto/subtle" | ||
| "encoding/json" | ||
| "fmt" | ||
| "io/ioutil" | ||
|
|
@@ -61,6 +62,22 @@ func gzipAndSave(data []byte, dirname, fpath string) error { | |
| return nil | ||
| } | ||
|
|
||
| func basicAuth(handler http.Handler, username, password, realm string) http.Handler { | ||
| return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
| user, pass, ok := r.BasicAuth() // pull creds from the request | ||
|
|
||
| // check user and pass securely | ||
| if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 { | ||
| w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`) | ||
| w.WriteHeader(401) | ||
| w.Write([]byte("Unauthorised.\n")) | ||
| return | ||
| } | ||
|
|
||
| handler.ServeHTTP(w, r) | ||
| }) | ||
| } | ||
|
|
||
| func main() { | ||
| http.HandleFunc("/api/submit", func(w http.ResponseWriter, req *http.Request) { | ||
| if req.Method != "POST" && req.Method != "OPTIONS" { | ||
|
|
@@ -110,6 +127,20 @@ func main() { | |
| // Make sure bugs directory exists | ||
| _ = os.Mkdir("bugs", os.ModePerm) | ||
|
|
||
| // serve files under "bugs" | ||
| fs := http.FileServer(http.Dir("bugs")) | ||
| fs = http.StripPrefix("/api/listing/", fs) | ||
|
|
||
| // set auth if env vars exist | ||
| usr := os.Getenv("BUGS_USER") | ||
| pass := os.Getenv("BUGS_PASS") | ||
| if usr == "" || pass == "" { | ||
| fmt.Println("BUGS_USER and BUGS_PASS env vars not found. No authentication is running for /api/listing") | ||
| } else { | ||
| fs = basicAuth(fs, usr, pass, "Enter username and password") | ||
| } | ||
| http.Handle("/api/listing/", fs) | ||
|
There was a problem hiding this comment. so a link to an individual report will be There was a problem hiding this comment. This is not the link that will be present for our deployment. The Apache is configured to route There was a problem hiding this comment. Oh. so why I suddenly realise I don't actually care about this, though. Do as you see fit :) There was a problem hiding this comment. We as a team have certain conventions when it comes to Go and HTTP servers. One of them is that everything public is served under |
||
|
|
||
| port := os.Args[1] | ||
| log.Fatal(http.ListenAndServe(":"+port, nil)) | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't realm normally something like
Riot bug reports?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's an arbitrary string which is sent to the client in a popup, which is usually prefixed with "This website says: REALM" hence the request to enter u/p. I don't care what this is called, so I'll change it to whatever.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's more than that. It is specifically used to identify things which should have the same u/p on a domain. Obviously if different apps with different auth all use "Enter username and password" that's no good.
Also, some clients may show "Enter the username and password for <realm>".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.