From cd09dc190acc9d199f8246b2375a950e9b1d06a8 Mon Sep 17 00:00:00 2001 From: grumbulon Date: Fri, 2 Dec 2022 21:11:52 -0500 Subject: [PATCH] initial commit --- cmd/pomme/main.go | 20 +++++++++ go.mod | 19 +++++++++ go.sum | 43 +++++++++++++++++++ internal/api/api.go | 87 +++++++++++++++++++++++++++++++++++++++ internal/api/session.go | 61 +++++++++++++++++++++++++++ internal/configuration.go | 1 + internal/util/util.go | 5 +++ pkg/types.go | 4 ++ readme.md | 5 +++ 9 files changed, 245 insertions(+) create mode 100644 cmd/pomme/main.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 internal/api/api.go create mode 100644 internal/api/session.go create mode 100644 internal/configuration.go create mode 100644 internal/util/util.go create mode 100644 pkg/types.go create mode 100644 readme.md diff --git a/cmd/pomme/main.go b/cmd/pomme/main.go new file mode 100644 index 0000000..e4dd7aa --- /dev/null +++ b/cmd/pomme/main.go @@ -0,0 +1,20 @@ +package main + +import ( + "fmt" + "log" + "net/http" + + "git.freecumextremist.com/grumbulon/pomme/internal/api" + "github.com/gorilla/mux" +) + +func main() { + app := mux.NewRouter() + app.Path("/create").HandlerFunc(api.NewUser).Methods("GET") + app.Path("/api/v1/zone").HandlerFunc(api.Ingest).Methods("GET") + log.Println("\t-------------------------------------") + log.Println("\t\tRunning on port 3000") + log.Println("\t-------------------------------------") + log.Fatal(http.ListenAndServe(fmt.Sprintf(":%v", 3000), app)) +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..5630e6e --- /dev/null +++ b/go.mod @@ -0,0 +1,19 @@ +module git.freecumextremist.com/grumbulon/pomme + +go 1.19 + +require ( + github.com/google/uuid v1.3.0 + github.com/gorilla/mux v1.8.0 + github.com/gorilla/sessions v1.2.1 + github.com/miekg/dns v1.1.50 +) + +require ( + github.com/gorilla/securecookie v1.1.1 // indirect + golang.org/x/mod v0.4.2 // indirect + golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect + golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect + golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 // indirect + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..a1a32f0 --- /dev/null +++ b/go.sum @@ -0,0 +1,43 @@ +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 h1:4CSI6oo7cOjJKajidEljs9h+uP0rRZBPPPhcCbj5mw8= +golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/api/api.go b/internal/api/api.go new file mode 100644 index 0000000..5f5f522 --- /dev/null +++ b/internal/api/api.go @@ -0,0 +1,87 @@ +package api + +import ( + "log" + "net/http" + "strings" + + "github.com/gorilla/sessions" + "github.com/miekg/dns" +) + +type User struct { + session *sessions.Session + username string +} + +// Do things that aren't auth flow here +func Ingest(w http.ResponseWriter, r *http.Request) { + + request := r.URL.Query().Get("req") + + zp := dns.NewZoneParser(strings.NewReader(request), "", "") + for rr, ok := zp.Next(); ok; rr, ok = zp.Next() { + log.Println(rr) + } + + // todo -- add functions to apply to master zonefile if above check is OK + + if err := zp.Err(); err != nil { + log.Println(err) + http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest) + + } +} + +func NewUser(w http.ResponseWriter, r *http.Request) { + // TODO: take form input here + // TODO: store in cookie + asdf := NewSession("greg", w, r) + + asdf.Secret(w, r) + asdf.Logout(w, r) +} + +// basic if authenticated poc +func (user *User) Secret(w http.ResponseWriter, r *http.Request) { + log.Println(user.session.Name()) + session, _ := Store.Get(r, user.session.Name()) + + // Check if user is authenticated + if auth, ok := session.Values["authenticated"].(bool); !ok || !auth { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } + + log.Println("!!!!!") +} + +// take username and password, shit out user +func Login(w http.ResponseWriter, r *http.Request) User { + lookupUsername := r.URL.Query().Get("uname") + + // Authentication goes here + // ... + + // get session from database with username and password + // pass session ID below + + session, _ := Store.Get(r, lookupUsername) + + // Set user as authenticated + session.Values["authenticated"] = true + + session.Save(r, w) + return User{ + session: session, + } +} + +func (user *User) Logout(w http.ResponseWriter, r *http.Request) { + session, _ := Store.Get(r, user.session.Name()) + + // Revoke users authentication + session.Values["authenticated"] = false + + session.Save(r, w) +} diff --git a/internal/api/session.go b/internal/api/session.go new file mode 100644 index 0000000..87a2167 --- /dev/null +++ b/internal/api/session.go @@ -0,0 +1,61 @@ +package api + +import ( + "log" + "net/http" + + "github.com/google/uuid" + "github.com/gorilla/sessions" +) + +// this interface is meant to represent auth flow and will be filled out +// as the software grows more complex +type Auth interface { + Secret(w http.ResponseWriter, r *http.Request) + Logout(w http.ResponseWriter, r *http.Request) +} + +var ( + // key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256) + key = []byte("RfUjXn2r5u8x/A?D*G-KaPdSgVkYp3s6") // temp key for dev builds + Store = sessions.NewCookieStore(key) +) + +// Creates the session +func CreateSession(w http.ResponseWriter, r *http.Request) *sessions.Session { + session, err := Store.Get(r, SessionUUID()) + if err != nil { + log.Fatalln(err) + } + session.Values["test"] = "testSession" + session.Values["authenticated"] = true + err = session.Save(r, w) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return nil + } + return session +} + +func SessionUUID() string { + return uuid.New().String() +} + +// User creation flow ends here +func NewSession(uname string, w http.ResponseWriter, r *http.Request) Auth { + session := CreateSession(w, r) + log.Println(session.Name()) + return &User{ + session: session, + username: uname, + } +} + +// Login flow ends here +func ExistingSession(uname string, w http.ResponseWriter, r *http.Request) Auth { + session := CreateSession(w, r) + return &User{ + session: session, + username: uname, + } +} diff --git a/internal/configuration.go b/internal/configuration.go new file mode 100644 index 0000000..5bf0569 --- /dev/null +++ b/internal/configuration.go @@ -0,0 +1 @@ +package internal diff --git a/internal/util/util.go b/internal/util/util.go new file mode 100644 index 0000000..ab47679 --- /dev/null +++ b/internal/util/util.go @@ -0,0 +1,5 @@ +package util + +func ValidateQuery(request string) (string, error) { + return "", nil +} diff --git a/pkg/types.go b/pkg/types.go new file mode 100644 index 0000000..b813b54 --- /dev/null +++ b/pkg/types.go @@ -0,0 +1,4 @@ +package pkg + +type IncomingRequest struct { +} diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..c9d26ba --- /dev/null +++ b/readme.md @@ -0,0 +1,5 @@ +This will be a website that, to oversimplify things, allows users to submit zonefiles to use [froth.zone nameservers](https://dns.froth.zone/nameservers). + +Working project title is pomme. + +More information to come soon. \ No newline at end of file