| -rw-r--r-- | go.mod | 8 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | main.go | 24 | ||||
| -rw-r--r-- | templates/index.html | 2 |
4 files changed, 26 insertions, 12 deletions
@@ -1,5 +1,9 @@ module box -go 1.23 +go 1.23.0 -require github.com/google/uuid v1.6.0 // indirect +toolchain go1.24.1 + +require github.com/google/uuid v1.6.0 + +require golang.org/x/crypto v0.36.0 // indirect @@ -0,0 +1,4 @@ +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= @@ -16,6 +16,7 @@ import ( "io/fs" "github.com/google/uuid" + "golang.org/x/crypto/bcrypt" ) //go:embed templates @@ -27,17 +28,17 @@ var favicon []byte type BoxHandler struct { filesPath string - token string + token []byte deleteEnabled bool index bool } -func serve(w http.ResponseWriter, token string, views ...string) { +func serve(w http.ResponseWriter, token []byte, views ...string) { t, err := template.New("index.html").ParseFS(tmplFS, views...) if err != nil { log.Fatal(err) } - if err := t.Execute(w, token); err != nil { + if err := t.Execute(w, token != nil); err != nil { log.Fatal(err) } } @@ -79,7 +80,7 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } token := r.Header.Get("X-Token") - if token != handler.token { + if bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil { log.Println("unauthorized") w.WriteHeader(http.StatusUnauthorized) return @@ -101,7 +102,7 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } token := r.Header.Get("X-Token") - if token != handler.token { + if bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil { log.Println("unauthorized") w.WriteHeader(http.StatusUnauthorized) return 
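Review bot: In both ServeHTTP hunks (`@@ -79,7 +80,7 @@` and `@@ -101,7 +102,7 @@`) the bcrypt comparison runs even when no token is configured, and `bcrypt.CompareHashAndPassword` returns an error for a nil hash. A server started without a token would therefore answer 401, where the old `token != handler.token` check let a request with no `X-Token` header through. Unless a guard exists outside these hunks (ServeHTTP's body is only partly visible), the condition should be `if handler.token != nil && bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil {`. With a token set, every unauthenticated request still costs one bcrypt evaluation, so a request rate limit on these paths is worth considering.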
@@ -143,14 +144,19 @@ func main() { index := flag.Bool("i", false, "Enable displaying the resource folder index") flag.Parse() - token := "" + var token []byte = nil if *isToken { - token = os.Getenv("BOX_TOKEN") - if token == "" { + tok := os.Getenv("BOX_TOKEN") + if tok == "" { fmt.Print("Token: ") sc := bufio.NewScanner(os.Stdin) sc.Scan() - token = sc.Text() + tok = sc.Text() + } + var err error = nil + token, err = bcrypt.GenerateFromPassword([]byte(tok), bcrypt.DefaultCost) + if err != nil { + panic(err) } } diff --git a/templates/index.html b/templates/index.html index 0bf6019..8bb0e38 100644 --- a/templates/index.html +++ b/templates/index.html @@ -66,7 +66,7 @@ This ID can then be used to get the file by sending a GET request to /[resourceI If enabled on the server, the resource can be deleted by sending a DELETE request to /[resourceID]. Again if a token has been set on the server, use a X-Token header when sending the request.</pre> - {{ if ne . "" }} + {{ if . }} <input type="text" id="token" placeholder="token"/> {{end}} <input type="file" id="file"/><br/><br/> |
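Review bot: An empty token is hashed like any other in the `if *isToken` branch. If `BOX_TOKEN` is unset and the prompt yields an empty line or stdin is closed (the result of `sc.Scan()` is not checked), `tok` stays `""` and `token` becomes non-nil; a request with no `X-Token` header then matches the stored hash, so the page shows the token field while the server accepts every request. Add `if tok == "" { log.Fatal("token must not be empty") }` before the call to `bcrypt.GenerateFromPassword`. That call also returns an error for inputs longer than 72 bytes, and `panic(err)` reports it as a stack trace; `log.Fatal(err)` would match the error handling in `serve`. main's body continues outside the hunk.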
