Managed to get a simple and NOT SECURE login system going.

2025-07-06 00:38:01 -04:00 · 2025-07-06 00:38:01 -04:00 · 3bd8d38847
commit 3bd8d38847
parent 75b1eb1edb
7 changed files with 63 additions and 23 deletions
--- a/2
+++ b/2
@ -5,7 +5,7 @@ ifeq '$(OS)' 'Windows_NT'
 endif
-build: site
+build:
 	go build .
 site:
--- a/api/auth.go
+++ b/api/auth.go
@ -1,7 +1,9 @@
 package api
 import (
  "errors"
  "golang.org/x/crypto/bcrypt"
  "log"
  "github.com/gofiber/fiber/v2"
  _ "github.com/mattn/go-sqlite3"
@ -9,17 +11,35 @@ import (
  "github.com/gofiber/fiber/v2/middleware/session"
  "zedshaw.games/webapp/data"
  "zedshaw.games/webapp/config"
 )
-func CheckAuthed(c *fiber.Ctx) (bool, *session.Session, error) {
+func IsAdmin(user *data.User) bool {
-  sess, err := STORE.Get(c)
+  return user.Username == config.Settings.Admin
  if err != nil { return false, sess, err }
  authed := sess.Get("authenticated") == true
  return authed, sess, nil
 }
-func NotAuthed(err error, authed bool) bool {
+func CheckAuthed(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
-  return err != nil || authed == false
+  sess, err := STORE.Get(c)
  if err != nil { return sess, err }
  // BUG: this has to come from the databse, just temporary
  admin := sess.Get("admin") == true
  authed := sess.Get("authenticated") == true
  log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)
  if needs_admin {
    authed = admin && authed
    log.Printf("after needs_admin block: authed=%v", authed)
  }
  if authed {
    log.Println("user is authed, return nil and sess")
    return sess, nil
  } else {
    log.Println("user is NOT authed, return error")
    return sess, errors.New("Authentication, permission failure")
  }
 }
 func LogoutUser(c *fiber.Ctx) error {
--- a/api/handlers.go
+++ b/api/handlers.go
@ -23,8 +23,8 @@ func GetApiLogout(c *fiber.Ctx) error {
 }
 func GetApiStream(c *fiber.Ctx) error {
-  authed, _, err := CheckAuthed(c)
+  _, err := CheckAuthed(c, false)
-  if NotAuthed(err, authed) { return IfErrNil(err, c) }
+  if err != nil { return IfErrNil(err, c) }
  sql, args, err := sq.Select("*").From("stream").ToSql()
  err = data.SelectJson[data.Stream](c, err, sql, args...)
@ -80,7 +80,9 @@ func PostApiLogin(c *fiber.Ctx) error {
    sess, err := STORE.Get(c)
    if err != nil { return IfErrNil(err, c) }
    // BUG: THIS IS A BIG NO NO, just for getting going
    sess.Set("authenticated", true)
    sess.Set("admin", IsAdmin(&user))
    err = sess.Save()
    if err != nil { return IfErrNil(err, c) }
@ -94,20 +96,20 @@ func PostApiLink(c *fiber.Ctx) error {
  var sql string
  var args []interface{}
-  link, err := ReceivePost[data.Link](c)
+  _, err := CheckAuthed(c, false)
-  if err != nil { goto fail }
+  if err != nil { return c.Redirect("/login/") }
-  sql, args, err = sq.Insert("stream_blah").
+  link, err := ReceivePost[data.Link](c)
  if err != nil { return IfErrNil(err, c) }
  sql, args, err = sq.Insert("stream_link").
    Columns("stream_id", "url", "description").
    Values(link.StreamId, link.Url, link.Description).ToSql()
  err = data.Exec(err, sql, args...)
-  if(err != nil) { goto fail }
+  if(err != nil) { return IfErrNil(err, c) }
  return c.Redirect("/live/")
  fail:
     return IfErrNil(err, c)
 }
--- a/go.mod
+++ b/go.mod
@ -3,6 +3,7 @@ module zedshaw.games/webapp
 go 1.24.2
 require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/chromedp/chromedp v0.13.6
 	github.com/go-playground/validator/v10 v10.26.0
--- a/go.sum
+++ b/go.sum
@ -18,6 +18,7 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mx
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/locker v0.0.0-20171006230638-a6e239ea1c69 h1:+tu3HOoMXB7RXEINRVIpxJCT+KdYiI7LAEAUrOw3dIU=
 github.com/BurntSushi/locker v0.0.0-20171006230638-a6e239ea1c69/go.mod h1:L1AbZdiDllfyYH5l5OkAaZtk7VkWe89bPJFmnDBNHxg=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/ClickHouse/ch-go v0.65.1 h1:SLuxmLl5Mjj44/XbINsK2HFvzqup0s6rwKLFH347ZhU=
 github.com/ClickHouse/ch-go v0.65.1/go.mod h1:bsodgURwmrkvkBe5jw1qnGDgyITsYErfONKAHn05nv4=
--- a/main.go
+++ b/main.go
@ -14,17 +14,21 @@ import (
  "zedshaw.games/webapp/api"
  "zedshaw.games/webapp/data"
  "zedshaw.games/webapp/config"
 )
 func main() {
  config.Load("config.toml")
  log.Printf("ADMIN is %s", config.Settings.Admin)
  log.SetFlags(log.LstdFlags | log.Lshortfile)
-  engine := html.New("./views", ".html")
+  engine := html.New(config.Settings.Views, ".html")
  app := fiber.New(fiber.Config{
    Views: engine,
-    ViewsLayout: "layouts/main",
+    ViewsLayout: config.Settings.Layouts,
    CaseSensitive: true,
    StrictRouting: true,
  })
@ -33,11 +37,11 @@ func main() {
  app.Use(recov.New())
  api.Setup(app)
-  data.Setup("sqlite3", "db.sqlite3")
+  data.Setup(config.Settings.Database.Driver, config.Settings.Database.Url)
  // this sets up graceful shutdown
  go func() {
-	  if err := app.Listen(":5001"); err != nil {
+	  if err := app.Listen(config.Settings.Port); err != nil {
 		  log.Panic(err)
 	  }
  }()
--- a/pages/layouts/main.html
+++ b/pages/layouts/main.html
@ -26,7 +26,19 @@
  {{embed}}
  <footer>
-    <h1>Footer</h1>
+    <blockstart style="--value: 0; --text: 9">
    <block class="horizontal">
      <shape style="--w: 200px; --h: 250px">Zed Pic</shape>
      <div>
        <h3>About Me</h3>
        <p>Blah blah about me.</p>
      </div>
      <div>
        <h3>Other Projects</h3>
        <p>Some other links to stuff.</p>
      </div>
    </block>
    </blockstart>
  </footer>
  </body>
 </html>