Managed to get a simple and NOT SECURE login system going.

2025-07-06 00:38:01 -04:00 · 2025-07-06 00:38:01 -04:00 · 3bd8d38847
commit 3bd8d38847
parent 75b1eb1edb
7 changed files with 63 additions and 23 deletions
--- a/api/auth.go
+++ b/api/auth.go
@ -1,7 +1,9 @@
 package api

 import (
+  "errors"
  "golang.org/x/crypto/bcrypt"
+  "log"

  "github.com/gofiber/fiber/v2"
  _ "github.com/mattn/go-sqlite3"
@ -9,17 +11,35 @@ import (
  "github.com/gofiber/fiber/v2/middleware/session"

  "zedshaw.games/webapp/data"
+  "zedshaw.games/webapp/config"
 )

-func CheckAuthed(c *fiber.Ctx) (bool, *session.Session, error) {
-  sess, err := STORE.Get(c)
-  if err != nil { return false, sess, err }
-  authed := sess.Get("authenticated") == true
-  return authed, sess, nil
+func IsAdmin(user *data.User) bool {
+  return user.Username == config.Settings.Admin
 }

-func NotAuthed(err error, authed bool) bool {
-  return err != nil || authed == false
+func CheckAuthed(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
+  sess, err := STORE.Get(c)
+  if err != nil { return sess, err }
+
+  // BUG: this has to come from the databse, just temporary
+  admin := sess.Get("admin") == true
+  authed := sess.Get("authenticated") == true
+
+  log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)
+
+  if needs_admin {
+    authed = admin && authed
+    log.Printf("after needs_admin block: authed=%v", authed)
+  }
+
+  if authed {
+    log.Println("user is authed, return nil and sess")
+    return sess, nil
+  } else {
+    log.Println("user is NOT authed, return error")
+    return sess, errors.New("Authentication, permission failure")
+  }
 }

 func LogoutUser(c *fiber.Ctx) error {
--- a/api/handlers.go
+++ b/api/handlers.go
@ -23,8 +23,8 @@ func GetApiLogout(c *fiber.Ctx) error {
 }

 func GetApiStream(c *fiber.Ctx) error {
-  authed, _, err := CheckAuthed(c)
-  if NotAuthed(err, authed) { return IfErrNil(err, c) }
+  _, err := CheckAuthed(c, false)
+  if err != nil { return IfErrNil(err, c) }

  sql, args, err := sq.Select("*").From("stream").ToSql()
  err = data.SelectJson[data.Stream](c, err, sql, args...)
@ -80,7 +80,9 @@ func PostApiLogin(c *fiber.Ctx) error {
    sess, err := STORE.Get(c)
    if err != nil { return IfErrNil(err, c) }

+    // BUG: THIS IS A BIG NO NO, just for getting going
    sess.Set("authenticated", true)
+    sess.Set("admin", IsAdmin(&user))
    err = sess.Save()
    if err != nil { return IfErrNil(err, c) }

@ -94,20 +96,20 @@ func PostApiLink(c *fiber.Ctx) error {
  var sql string
  var args []interface{}

-  link, err := ReceivePost[data.Link](c)
-  if err != nil { goto fail }
+  _, err := CheckAuthed(c, false)
+  if err != nil { return c.Redirect("/login/") }

-  sql, args, err = sq.Insert("stream_blah").
+  link, err := ReceivePost[data.Link](c)
+  if err != nil { return IfErrNil(err, c) }
+
+  sql, args, err = sq.Insert("stream_link").
    Columns("stream_id", "url", "description").
    Values(link.StreamId, link.Url, link.Description).ToSql()

  err = data.Exec(err, sql, args...)
-  if(err != nil) { goto fail }
+  if(err != nil) { return IfErrNil(err, c) }

  return c.Redirect("/live/")
-
-  fail:
-     return IfErrNil(err, c)
 }