wip

halkeye · Feb 19, 2020 · 8e629af · 8e629af
1 parent 925f217
commit 8e629af
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 18 deletions.
diff --git a/internal/auth/authruntime/runtime.go b/internal/auth/authruntime/runtime.go
@@ -30,6 +30,14 @@ func (p *ProviderRuntime) GetSession(r *http.Request) (*authsession.AuthSession,
 	return authsession.GetSession(p.store, r)
 }
 
+func (p *ProviderRuntime) ClearSession(w http.ResponseWriter, r *http.Request) error {
+	return authsession.ClearSession(p.store, r, w)
+}
+
+func (p *ProviderRuntime) Restart(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, "/signin", http.StatusTemporaryRedirect)
+}
+
 func (p *ProviderRuntime) Done(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
 }
diff --git a/internal/auth/authsession/session.go b/internal/auth/authsession/session.go
@@ -27,8 +27,7 @@ func GetSession(store sessions.Store, r *http.Request) (*AuthSession, error) {
 	session, _ := store.Get(r, string(sessionKey))
 	if data, ok := session.Values[string(sessionKey)].([]byte); ok {
 		s := &AuthSession{}
-		err := json.Unmarshal(data, s)
-		if err != nil {
+		if err := json.Unmarshal(data, s); err != nil {
 			return nil, errors.Wrap(err, "failed to parse session")
 		}
 		return s, nil
@@ -43,9 +42,17 @@ func SetSession(store sessions.Store, r *http.Request, w http.ResponseWriter, s
 	}
 	session, _ := store.Get(r, string(sessionKey))
 	session.Values[string(sessionKey)] = data
-	err = session.Save(r, w)
-	if err != nil {
-		logrus.Error(errors.Wrap(err, "failed to save session"))
+	if err := session.Save(r, w); err != nil {
+		return err
+	}
+	return nil
+}
+
+func ClearSession(store sessions.Store, r *http.Request, w http.ResponseWriter) error {
+	session, _ := store.Get(r, string(sessionKey))
+	session.Options.MaxAge = -1
+	if err := session.Save(r, w); err != nil {
+		logrus.Error(err)
 		return err
 	}
 	return nil
@@ -63,3 +70,8 @@ func CurrentUser(ctx context.Context) (*Identity, error) {
 	}
 	return nil, errors.New("unauthenticated")
 }
+
+func Authenticated(ctx context.Context) bool {
+	_, err := CurrentUser(ctx)
+	return err == nil
+}
diff --git a/internal/auth/authtemplates/login.go b/internal/auth/authtemplates/login.go
@@ -29,7 +29,7 @@ const loginPage string = `
 	}
 
 	body {
-		background-color: #44c4e7;
+		background-color: #3899c9;
 	}
 
 	.form {
@@ -40,13 +40,14 @@ const loginPage string = `
 		background-color: #fff;
 		width: 285px;
 		padding: 40px;
-		box-shadow: 0 0 3px rgba(0, 0, 0, 0.3);
+		box-shadow: 0 10px 20px rgba(0, 0, 0, 0.19), 0 6px 6px rgba(0, 0, 0, 0.23);
 	}
 
 	.form h2 {
-		margin: 0 0 20px;
+		margin: 0 0 35px;
+		text-align: center;
 		line-height: 1;
-		color: #44c4e7;
+		color: black;
 		font-size: 22px;
 		font-weight: 400;
 	}
@@ -61,10 +62,18 @@ const loginPage string = `
 		box-sizing: border-box;
 	}
 
-	.form * {
+	.form a {
+		display: block;
+	}
+
+	.form > * {
 		margin: 0 0 20px;
 	}
 
+	.form > *:last-child {
+		margin-bottom: 0px;
+	}
+
 	.form input:focus {
 		color: #333;
 		border: 1px solid #44c4e7;
@@ -107,7 +116,7 @@ const loginPage string = `
 </style>
 
 <section class="form">
-  <h2>Login To Your Account</h2>
+  <h2>Sign In</h2>
 
 	{{range $i, $p := .Providers}}
 		<a href="/signin/{{$i}}">

diff --git a/internal/auth/router.go b/internal/auth/router.go
@@ -54,11 +54,16 @@ func (m *AuthMiddleware) Wrap(next http.Handler) http.Handler {
 		provider.Invoke(w, r, runtime)
 	})
 
+	router.HandleFunc("/signout", func(w http.ResponseWriter, r *http.Request) {
+		runtime.ClearSession(w, r)
+		runtime.Restart(w, r)
+	})
+
 	router.PathPrefix("/").Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if s, err := runtime.GetSession(r); err == nil {
 			next.ServeHTTP(w, r.WithContext(authsession.SetIdentityCtx(r.Context(), s)))
 		} else {
-			http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
+			next.ServeHTTP(w, r)
 		}
 	}))
 

diff --git a/main.go b/main.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/place1/wireguard-access-server/internal/auth"
+	"github.com/place1/wireguard-access-server/internal/auth/authsession"
 	"github.com/place1/wireguard-access-server/internal/config"
 	"github.com/place1/wireguard-access-server/internal/devices"
 	"github.com/place1/wireguard-access-server/internal/dnsproxy"
@@ -103,16 +104,20 @@ func main() {
 	})
 	grpcServer := grpcweb.WrapServer(server)
 
-	var handler http.Handler = http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+	var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer func() {
 			if err := recover(); err != nil {
 				logrus.WithField("stack", string(debug.Stack())).Error(err)
 			}
 		}()
-		if grpcServer.IsGrpcWebRequest(req) {
-			grpcServer.ServeHTTP(resp, req)
+		if grpcServer.IsGrpcWebRequest(r) {
+			grpcServer.ServeHTTP(w, r)
 		} else {
-			router.ServeHTTP(resp, req)
+			if authsession.Authenticated(r.Context()) {
+				router.ServeHTTP(w, r)
+			} else {
+				http.Redirect(w, r, "/signin", http.StatusTemporaryRedirect)
+			}
 		}
 	})
 

diff --git a/website/src/Cookies.ts b/website/src/Cookies.ts
@@ -0,0 +1,23 @@
+// adapted from:
+// https://stackoverflow.com/questions/5968196/check-cookie-if-cookie-exists
+export function getCookie(name: string): string | undefined {
+  const dc = document.cookie;
+  const prefix = name + '=';
+  let begin = dc.indexOf('; ' + prefix);
+  let end = undefined;
+  if (begin == -1) {
+    begin = dc.indexOf(prefix);
+    if (begin != 0) {
+      return undefined;
+    }
+  } else {
+    begin += 2;
+    end = document.cookie.indexOf(';', begin);
+    if (end == -1) {
+      end = dc.length;
+    }
+  }
+  // because unescape has been deprecated, replaced with decodeURI
+  // return unescape(dc.substring(begin + prefix.length, end));
+  return decodeURI(dc.substring(begin + prefix.length, end));
+}
diff --git a/website/src/components/Navigation.tsx b/website/src/components/Navigation.tsx
@@ -3,6 +3,9 @@ import { makeStyles } from '@material-ui/core/styles';
 import AppBar from '@material-ui/core/AppBar';
 import Toolbar from '@material-ui/core/Toolbar';
 import Typography from '@material-ui/core/Typography';
+import Link from '@material-ui/core/Link';
+import Button from '@material-ui/core/Button';
+import { getCookie } from '../Cookies';
 
 const useStyles = makeStyles(theme => ({
   title: {
@@ -12,14 +15,21 @@ const useStyles = makeStyles(theme => ({
 
 export default function Navigation() {
   const classes = useStyles();
-
+  const hasAuthCookie = !!getCookie('auth-session');
   return (
     <AppBar position="static">
       <Toolbar>
         <Typography variant="h6" className={classes.title}>
         Your Devices
         </Typography>
+        {hasAuthCookie &&
+          <Link color="inherit" href="/signout">
+            <Button color="inherit">
+              Logout
+            </Button>
+          </Link>
+        }
       </Toolbar>
     </AppBar>
   );
-}
+}