diff --git a/gpanel.go b/gpanel.go index d0c8702..50d0a8c 100644 --- a/gpanel.go +++ b/gpanel.go @@ -5,7 +5,6 @@ import ( "net/http" "github.com/Ennovar/gPanel/pkg/gpserver" - "github.com/gorilla/context" "github.com/Ennovar/gPanel/pkg/router" ) @@ -21,5 +20,5 @@ func main() { log.Print("To Exit: CTRL+C") log.Print("Domain router is listening on localhost:2080") log.Print("Listening (server) on localhost:2082, serving out of the server/document_root/ directory...") - http.ListenAndServe("localhost:2082", context.ClearHandler(mains)) + http.ListenAndServe("localhost:2082", mains) } diff --git a/pkg/api/bundle/create.go b/pkg/api/bundle/create.go index a34edce..68813f9 100644 --- a/pkg/api/bundle/create.go +++ b/pkg/api/bundle/create.go @@ -6,9 +6,8 @@ import ( "log" "net" "net/http" - "strconv" - "os" + "strconv" "github.com/Ennovar/gPanel/pkg/database" "github.com/Ennovar/gPanel/pkg/emailer" diff --git a/pkg/api/user/auth.go b/pkg/api/user/auth.go index a0ba311..ced2fa4 100644 --- a/pkg/api/user/auth.go +++ b/pkg/api/user/auth.go @@ -2,6 +2,7 @@ package user import ( + "encoding/base64" "encoding/json" "log" "net/http" @@ -11,7 +12,6 @@ import ( "github.com/Ennovar/gPanel/pkg/database" "github.com/Ennovar/gPanel/pkg/encryption" - "github.com/Ennovar/gPanel/pkg/networking" jwt "github.com/dgrijalva/jwt-go" ) @@ -48,7 +48,6 @@ func Auth(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir st var userDatabaseData database.Struct_Users err = ds.Get(database.BUCKET_USERS, []byte(userRequestData.User), &userDatabaseData) - if err == database.ErrKeyNotExist { logger.Println(req.URL.Path + "::user does not exist.") http.Error(res, "User does not exist.", http.StatusUnauthorized) 
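Review bot: The new `http.ListenAndServe("localhost:2082", mains)` line discards the error the call returns, so a bind failure (port already in use, for instance) ends main silently right after the "Listening" log line. `log.Fatal(http.ListenAndServe("localhost:2082", mains))` keeps the failure visible and gives the process a non-zero exit. The enclosing main starts before this hunk.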
@@ -87,21 +86,33 @@ func Auth(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir st return false } - var store networking.Store + var sessionName string if strings.Contains(dir, "bundles/") { - store = networking.GetStore(networking.ACCOUNT_USER_AUTH) + sessionName = "gpanel-account-user-auth" } else { - store = networking.GetStore(networking.SERVER_USER_AUTH) + sessionName = "gpanel-server-user-auth" } - err = store.Set(res, req, "token", token, (60 * 60 * 24)) - err2 := store.Set(res, req, "user", userRequestData.User, (60 * 60 * 24)) - if err != nil || err2 != nil { - logger.Println(req.URL.Path + "::" + err.Error() + "::" + err2.Error()) - http.Error(res, http.StatusText(500), http.StatusInternalServerError) + var sessionData struct { + Username string `json:"Username"` + Token string `json:"Token"` + } + sessionData.Username = userRequestData.User + sessionData.Token = token + + b, err := json.Marshal(sessionData) + if err != nil { + logger.Println(req.URL.Path + "::" + err.Error()) + http.Error(res, err.Error(), http.StatusInternalServerError) return false } + http.SetCookie(res, &http.Cookie{ + Name: sessionName, + Value: base64.StdEncoding.EncodeToString(b), + Path: "/", + }) + res.WriteHeader(http.StatusNoContent) return true } diff --git a/pkg/api/user/logout.go b/pkg/api/user/logout.go index 17db221..566f21c 100644 --- a/pkg/api/user/logout.go +++ b/pkg/api/user/logout.go @@ -7,7 +7,7 @@ import ( "strconv" "strings" - "github.com/Ennovar/gPanel/pkg/networking" + "time" ) // Logout function is accessed by an API call from the webhost root 
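Review bot: The cookie written by `http.SetCookie` at the end of this hunk drops the `HttpOnly: true` that the deleted gorilla store set on every session cookie, so the JWT is now readable from page script and any XSS in the panel can lift it. Add `HttpOnly: true,` to the literal (and `SameSite: http.SameSiteLaxMode,` if the toolchain is Go 1.8 or newer); `Secure: true` is the next step once the panel is served over TLS, which the plain localhost listener in gpanel.go is not. The 24-hour MaxAge the old store applied is gone as well, so the cookie now lives for the browser session and the only time bound left is whatever expiry the JWT carries, which is set before this hunk and not visible here. The new format is unsigned base64 JSON, which is acceptable only because checkAuth verifies the embedded JWT; nothing else in the cookie should be trusted before that check runs. The enclosing Auth function begins before this hunk.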
@@ -20,20 +20,19 @@ func Logout(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir return false } - var store networking.Store + var sessionName string if strings.Contains(dir, "bundles/") { - store = networking.GetStore(networking.ACCOUNT_USER_AUTH) + sessionName = "gpanel-account-user-auth" } else { - store = networking.GetStore(networking.SERVER_USER_AUTH) + sessionName = "gpanel-server-user-auth" } - err := store.Delete(res, req) - - if err != nil { - logger.Println(req.URL.Path + "::" + err.Error()) - http.Error(res, http.StatusText(500), http.StatusInternalServerError) - return false - } + http.SetCookie(res, &http.Cookie{ + Name: sessionName, + Value: "", + Path: "/", + Expires: time.Unix(0, 0), + }) res.WriteHeader(http.StatusNoContent) return true diff --git a/pkg/gpaccount/authentication.go b/pkg/gpaccount/authentication.go index f78e930..546af5c 100644 --- a/pkg/gpaccount/authentication.go +++ b/pkg/gpaccount/authentication.go @@ -5,8 +5,10 @@ import ( "net/http" "strings" + "encoding/base64" + "encoding/json" + "github.com/Ennovar/gPanel/pkg/api/user" - "github.com/Ennovar/gPanel/pkg/networking" jwt "github.com/dgrijalva/jwt-go" ) 
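Review bot: The expiry cookie in this hunk relies on `Expires: time.Unix(0, 0)` alone; adding `MaxAge: -1,` makes net/http also emit `Max-Age=0`, which browsers apply regardless of clock skew and is the idiomatic way to delete a cookie in Go. Clearing the cookie does not invalidate the JWT it carried: a copy captured earlier keeps verifying in checkAuth until the token's own expiry, which is decided when the token is minted outside this hunk, so if logout is meant to end the session server-side the per-user secret that signs the token would need to be rotated here as well. The enclosing Logout function starts before this hunk.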
@@ -39,48 +41,46 @@ func reqAuth(path string) bool { // checkAuth function returns a boolean based on whether or not the current // caller is authenticated based off of encrypted sessions using JWT values. func (con *Controller) checkAuth(res http.ResponseWriter, req *http.Request) bool { - store := networking.GetStore(networking.ACCOUNT_USER_AUTH) - - session_value, err := store.Read(res, req, "user") - if err != nil || session_value == nil { + c, err := req.Cookie("gpanel-account-user-auth") + if err != nil { return false } - username, ok := session_value.(string) - if !ok { + data, err := base64.StdEncoding.DecodeString(c.Value) + if err != nil { return false } - stored_secret, err := user.GetSecret(username, con.Directory) - if stored_secret == "" { + var sessionData struct { + Username string `json:"Username"` + Token string `json:"Token"` + } + + err = json.Unmarshal(data, &sessionData) + if err != nil { return false } - session_value, err = store.Read(res, req, "token") - if err != nil || session_value == nil { - return false - } - - tokenString, ok := session_value.(string) - if !ok { + storedSecret, err := user.GetSecret(sessionData.Username, con.Directory) + if storedSecret == "" || err != nil { return false } keyfunc := func(t *jwt.Token) (interface{}, error) { - return []byte(stored_secret), nil + return []byte(storedSecret), nil } p := jwt.Parser{ ValidMethods: []string{"HS256", "HS384", "HS512"}, } - t, err := p.ParseWithClaims(tokenString, &jwt.StandardClaims{}, keyfunc) + t, err := p.ParseWithClaims(sessionData.Token, &jwt.StandardClaims{}, keyfunc) if err != nil { return false } claims := t.Claims.(*jwt.StandardClaims) - if claims.Subject != username { + if claims.Subject != sessionData.Username { return false } diff --git a/pkg/gpserver/authentication.go b/pkg/gpserver/authentication.go index 46e457d..ba80d9a 100644 --- a/pkg/gpserver/authentication.go +++ b/pkg/gpserver/authentication.go 
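Review bot: `sessionData.Username` reaches `user.GetSecret` before anything in the cookie has been authenticated; with the signed gorilla cookie gone, the base64 JSON is entirely attacker-controlled, so GetSecret (not visible here) is now a lookup driven by untrusted input and must not, for example, derive a path under `con.Directory` from it. Rejecting an empty or otherwise malformed username before the lookup, with the same validation Auth applies at login, keeps that surface small. The JWT check itself looks sound — ValidMethods pins HS256/384/512 and the subject is compared to the cookie's username only after signature verification — but StandardClaims enforces `exp` only if the token carries one, which is decided where the token is minted, outside this hunk. checkAuth's trailing success path lies past the end of the hunk.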
@@ -2,11 +2,12 @@ package gpserver import ( + "encoding/base64" + "encoding/json" "net/http" "strings" "github.com/Ennovar/gPanel/pkg/api/user" - "github.com/Ennovar/gPanel/pkg/networking" jwt "github.com/dgrijalva/jwt-go" ) @@ -39,48 +40,46 @@ func reqAuth(path string) bool { // checkAuth function returns a boolean based on whether or not the current // caller is authenticated based off of encrypted sessions using JWT values. func (con *Controller) checkAuth(res http.ResponseWriter, req *http.Request) bool { - store := networking.GetStore(networking.SERVER_USER_AUTH) - - session_value, err := store.Read(res, req, "user") - if err != nil || session_value == nil { + c, err := req.Cookie("gpanel-server-user-auth") + if err != nil { return false } - username, ok := session_value.(string) - if !ok { + data, err := base64.StdEncoding.DecodeString(c.Value) + if err != nil { return false } - stored_secret, err := user.GetSecret(username, con.Directory) - if stored_secret == "" { + var sessionData struct { + Username string `json:"Username"` + Token string `json:"Token"` + } + + err = json.Unmarshal(data, &sessionData) + if err != nil { return false } - session_value, err = store.Read(res, req, "token") - if err != nil || session_value == nil { - return false - } - - tokenString, ok := session_value.(string) - if !ok { + storedSecret, err := user.GetSecret(sessionData.Username, con.Directory) + if storedSecret == "" || err != nil { return false } keyfunc := func(t *jwt.Token) (interface{}, error) { - return []byte(stored_secret), nil + return []byte(storedSecret), nil } p := jwt.Parser{ ValidMethods: []string{"HS256", "HS384", "HS512"}, } - t, err := p.ParseWithClaims(tokenString, &jwt.StandardClaims{}, keyfunc) + t, err := p.ParseWithClaims(sessionData.Token, &jwt.StandardClaims{}, keyfunc) if err != nil { return false } claims := t.Claims.(*jwt.StandardClaims) - if claims.Subject != username { + if claims.Subject != sessionData.Username { return false } 
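Review bot: This checkAuth is a line-for-line copy of the one in pkg/gpaccount/authentication.go in the same commit, and the anonymous `{Username, Token}` struct now appears a third time in pkg/api/user/auth.go, so the cookie format is defined in three places and any field rename or added expiry/HttpOnly rule has to be mirrored by hand. Moving the cookie name, the struct and the decode-and-verify logic into one exported helper in package user (e.g. `user.VerifySessionCookie(req, "gpanel-server-user-auth", con.Directory)`) would leave each controller with a single call and one place to review. Until then the two controllers should at least share a named session struct so the two copies cannot drift. The function continues past the last line of the hunk.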
diff --git a/pkg/networking/session_store.go b/pkg/networking/session_store.go deleted file mode 100644 index e023085..0000000 --- a/pkg/networking/session_store.go +++ /dev/null 
@@ -1,79 +0,0 @@ -// Package networking contains various functions used to communicate between networks and -// draw data from the client network. -package networking - -import ( - "net/http" - - "github.com/gorilla/sessions" -) - -var key = []byte("GbP=K4#f$khYuZpStK68GyHxGg$4@5K-") - -const ( - ACCOUNT_USER_AUTH = "gpanel-account-user-auth" - SERVER_USER_AUTH = "gpanel-server-user-auth" -) - -type Store struct { - handle *sessions.CookieStore - cookieName string -} - -// GetStore function takes a name and either creates/grabs a store with that name. -func GetStore(name string) Store { - sessionStore := Store{ - handle: sessions.NewCookieStore(key), - cookieName: name, - } - - return sessionStore -} - -// Set function is attached to the store struct and will set a session value inside of the current store. -func (s *Store) Set(res http.ResponseWriter, req *http.Request, key string, value interface{}, expire int) error { - session, err := s.handle.Get(req, s.cookieName) - - if err != nil { - return err - } - - session.Values[key] = value - session.Options = &sessions.Options{ - Path: "/", - MaxAge: expire, - HttpOnly: true, - } - session.Save(req, res) - return nil -} - -// Read function is attached to the store struct and will read a given session value inside of the current store. -func (s *Store) Read(res http.ResponseWriter, req *http.Request, key string) (interface{}, error) { - session, err := s.handle.Get(req, s.cookieName) - - if err != nil { - return nil, err - } - - value := session.Values[key] - return value, nil -} - -// Delete function is attached to the store struct and will delete a given session value inside of the current store. -func (s *Store) Delete(res http.ResponseWriter, req *http.Request) error { - session, err := s.handle.Get(req, s.cookieName) - - if err != nil { - return err - } - - session.Options = &sessions.Options{ - Path: "/", - MaxAge: -1, - HttpOnly: true, - } - - session.Save(req, res) - return nil -} 
diff --git a/pkg/networking/session_store_test.go b/pkg/networking/session_store_test.go deleted file mode 100644 index d0d4e9c..0000000 --- a/pkg/networking/session_store_test.go +++ /dev/null @@ -1,51 +0,0 @@ -// Package networking contains various functions used to communicate between networks and -// draw data from the client network. -package networking - -import ( - "net/http" - "net/http/httptest" - "reflect" - "testing" -) - -// BUG(george-e-shaw-iv) Says statement coverage for network package is 0.0%, I think this -// has something to do with the fact that I'm trying to test methods appended to a struct. -func TestSessionStore(t *testing.T) { - storeData := []struct { - storeName string - cookieName string - key string - value interface{} - }{ - {"test-store-one", "test-cookie-one", "foo", "bar"}, - {"test-store-two", "test-cookie-two", "baz", true}, - {"test-store-three", "test-cookie-three", "foobar", 32}, - } - - testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { - for _, data := range storeData { - store := GetStore(data.storeName) - - err := store.Set(res, req, data.key, data.value, 60) - if err != nil { - t.Errorf("Error in session_store_test: %s", err.Error()) - } - - val, err := store.Read(res, req, data.key) - if err != nil { - t.Errorf("Error in session_store_test: %s", err.Error()) - } - - if reflect.TypeOf(data.value) != reflect.TypeOf(val) { - t.Errorf("Error in session_store_test type checks, expected %s, got %s", reflect.TypeOf(data.value), reflect.TypeOf(val)) - } - - err = store.Delete(res, req) - if err != nil { - t.Errorf("Error in session_store_test: %s", err.Error()) - } - } - })) - defer testServer.Close() -}