mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Added server config and middleware to use password to protect endpoints.

Sascha L. Teichmann 2021-12-06 17:24:45 +01:00
parent 10eb90907f
commit d335ad1b84
4 changed files with 40 additions and 11 deletions


@ -50,12 +50,29 @@ func newController(cfg *config) (*controller, error) {
func (c *controller) bind(pim *pathInfoMux) {
if !c.cfg.NoWebUI {
pim.handleFunc("/", c.index)
pim.handleFunc("/upload", c.web(c.upload, "upload.html"))
pim.handleFunc("/create", c.web(c.create, "create.html"))
pim.handleFunc("/", c.auth(c.index))
pim.handleFunc("/upload", c.auth(c.web(c.upload, "upload.html")))
pim.handleFunc("/create", c.auth(c.web(c.create, "create.html")))
}
pim.handleFunc("/api/upload", c.auth(api(c.upload)))
pim.handleFunc("/api/create", c.auth(api(c.create)))
}
func (c *controller) auth(
fn func(http.ResponseWriter, *http.Request),
) func(http.ResponseWriter, *http.Request) {
if c.cfg.Password == nil {
return fn
}
return func(rw http.ResponseWriter, r *http.Request) {
hash := r.Header.Get("X-CSAF-PROVIDER-AUTH")
if !c.cfg.checkPassword(hash) {
http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
fn(rw, r)
}
pim.handleFunc("/api/upload", api(c.upload))
pim.handleFunc("/api/create", api(c.create))
}
func (c *controller) render(rw http.ResponseWriter, tmpl string, arg interface{}) {
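Review bot: `auth` fails open: when `c.cfg.Password` is nil it returns `fn` unwrapped, so every route registered in `bind`, including `/api/upload` and `/api/create`, is served with no credential check, and nothing in the code marks that as the intended default. I would state it in a doc comment on the method, e.g. `// auth wraps fn so it runs only if the X-CSAF-PROVIDER-AUTH header passes c.cfg.checkPassword; if no password is configured, fn is returned unprotected.`, and consider logging a warning at startup when no password is set. The local `hash` holds a value supplied by the client, and `checkPassword` is not visible in this hunk, so it is worth confirming that it verifies the value against a stored hash rather than comparing the two directly. The header is a static secret sent on every request, so the deployment notes should require TLS in front of these endpoints.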