| author | Melonai <einebeere@gmail.com> | 2021-07-26 23:50:43 +0200 |
|---|---|---|
| committer | Melonai <einebeere@gmail.com> | 2021-07-26 23:50:43 +0200 |
| commit | 175da8f22cd791e81338fe61e6099125868cf5a0 (patch) | |
| tree | 91a234d8aafd54be34aae5ff5b948b34e52fb020 /handlers | |
| parent | 83a8214119eccb39f4c38e7b1ae54daebdeb0184 (diff) | |
Basic Authentication and Authorization
Diffstat (limited to 'handlers')
| -rw-r--r-- | handlers/passthrough.go | 8 | ||||
| -rw-r--r-- | handlers/portgate.go | 43 |
2 files changed, 47 insertions, 4 deletions
diff --git a/handlers/passthrough.go b/handlers/passthrough.go
index b2daa88..3f8aafc 100644
--- a/handlers/passthrough.go
+++ b/handlers/passthrough.go
@@ -2,6 +2,7 @@ package handlers
 
 import (
 "github.com/valyala/fasthttp"
+ "net/http"
 "portgate"
 )
 
@@ -9,9 +10,14 @@ import (
 // If the user is authorized they are allowed to pass, otherwise they should be redirected to
 // the authentication page. (/_portgate)
 func (h *RequestHandler) handlePassthroughRequest(ctx *fasthttp.RequestCtx, p portgate.Path) {
- // TODO: Check authorization.
 // TODO: Check whether port is allowed to be accessed.
 
+ // Check whether given cookie is ok, if not redirect to the authentication page.
+ if !portgate.VerifyTokenFromCookie(h.config, ctx) {
+ ctx.Redirect("/_portgate", http.StatusTemporaryRedirect)
+ return
+ }
+
 // We reuse the request given to us by the user with minor changes to route it to the
 // destination host.
 ctx.Request.SetRequestURI(h.config.MakeUrl(p))
diff --git a/handlers/portgate.go b/handlers/portgate.go
index f53f3c9..6e002e7 100644
--- a/handlers/portgate.go
+++ b/handlers/portgate.go
@@ -2,7 +2,9 @@ package handlers
 
 import (
 "github.com/valyala/fasthttp"
+ "net/http"
 "portgate"
+ "time"
 )
 
 // handlePortgateRequest handles all Portgate specific request for either showing Portgate
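Review bot: The `_portgate_token` cookie is still attached when the request is forwarded, because the second passthrough.go hunk adds the check but the handler then reuses the client's request (`ctx.Request.SetRequestURI(h.config.MakeUrl(p))`), so every proxied backend receives a credential that is valid against Portgate itself. Strip it once the check has passed, e.g. `ctx.Request.Header.DelCookie("_portgate_token")` directly after the `if` block. Separately, `http.StatusTemporaryRedirect` (307) makes clients repeat a POST, body included, against `/_portgate`; `http.StatusSeeOther` would turn the follow-up into a GET. The rest of handlePassthroughRequest lies outside the hunk, so confirm no header filtering already happens further down.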
@@ -32,14 +34,49 @@ func (h *RequestHandler) handlePortgateIndexRequest(ctx *fasthttp.RequestCtx) {
 // handlePortgatePageRequest renders the Portgate page with either the authentication page or
 // a basic information page.
 func (h *RequestHandler) handlePortgatePageRequest(ctx *fasthttp.RequestCtx) {
- // We render the page template and pass it to the user.
 ctx.Response.Header.SetContentType("text/html")
- err := h.templates.ExecuteTemplate(ctx, "authenticate.template.html", nil)
+
+ var err error
+
+ // We render the page template and pass it to the user.
+ if portgate.VerifyTokenFromCookie(h.config, ctx) {
+ // User is authenticated, show the information page
+ err = h.templates.ExecuteTemplate(ctx, "information.template.html", nil)
+ } else {
+ // Show the authentication page
+ err = h.templates.ExecuteTemplate(ctx, "authenticate.template.html", nil)
+ }
+
 if err != nil {
 h.handleError(ctx)
 }
 }
 
 func (h *RequestHandler) handleAuthenticateRequest(ctx *fasthttp.RequestCtx) {
- // TODO
+
+ givenKey := ctx.PostArgs().Peek("key")
+ if givenKey == nil || !h.config.CheckKey(string(givenKey)) {
+ ctx.Error("Wrong key.", http.StatusUnauthorized)
+ return
+ }
+
+ token, err := portgate.CreateToken(h.config, string(givenKey))
+ if err != nil {
+ h.handleError(ctx)
+ }
+
+ cookie := fasthttp.AcquireCookie()
+ defer fasthttp.ReleaseCookie(cookie)
+
+ cookie.SetExpire(portgate.GetExpirationDateFrom(time.Now()))
+ cookie.SetSameSite(fasthttp.CookieSameSiteStrictMode)
+ cookie.SetHTTPOnly(true)
+ cookie.SetKey("_portgate_token")
+ cookie.SetValue(token)
+
+ ctx.Response.Header.SetCookie(cookie)
+
+ // TODO: Redirect to previously request path.
+ // http.StatusFound redirects a POST request to a GET request.
+ ctx.Redirect("/_portgate", http.StatusFound)
 }
|
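Review bot: In handleAuthenticateRequest the `if err != nil { h.handleError(ctx) }` after `portgate.CreateToken` has no `return`, so on failure the handler carries on, sets `_portgate_token` to whatever `token` holds and most likely replaces the error response with the redirect; add `return` after `h.handleError(ctx)`. The cookie is also issued without the Secure attribute, so it would be sent over plain HTTP if Portgate is ever reached that way; `cookie.SetSecure(true)` next to `cookie.SetHTTPOnly(true)` closes that, assuming the deployment terminates TLS. `CheckKey` is not visible in this diff, so it is worth confirming that it compares the key in constant time and that failed attempts are logged or rate-limited.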
