badguardhome/internal/home/authglinet.go
Ainar Garipov 7e64205d44 Pull request: home: rm var shadowing, vol. 4
Closes #2803.

Squashed commit of the following:

commit cb36cc8811160bb39a32fb8eddf962d0ebe9035a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 14:21:46 2021 +0300

    home: imp more

commit 9ea7ccec8bb293881cf724d7ad57e6744243d8b9
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 13:58:10 2021 +0300

    all: imp naming, refactor http srv shutdown

commit f29221007c16fd3e7230bf2c1ac37b365f3e29aa
Merge: 2247c05b bfbf73f3
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 13:35:17 2021 +0300

    Merge branch 'master' into 2803-shadow-4

commit 2247c05b5521346aaf362d81ccdd64fee31f1e6d
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Jan 29 20:53:21 2021 +0300

    home: rm var shadowing, vol. 4
2021-03-12 14:32:08 +03:00


package home
import (
"bytes"
"encoding/binary"
"io/ioutil"
"net"
"net/http"
"os"
"time"
"unsafe"
"github.com/AdguardTeam/AdGuardHome/internal/aghio"
"github.com/AdguardTeam/golibs/log"
)
// GLMode enables the GL-Inet compatibility mode.  While it is false,
// glProcessRedirect and glProcessCookie return false without doing anything.
var GLMode bool

// glFilePrefix is the path prefix of GL-Inet token files.  The session token
// taken from the request cookie is appended to it to form the file path, so
// the prefix together with that token decides which file is consulted.
var glFilePrefix = "/tmp/gl_token_"

// glTokenTimeoutSeconds is the number of seconds added to the timestamp read
// from a token file when deciding whether the token is still valid.
const glTokenTimeoutSeconds = 3600

// glCookieName is the name of the request cookie that carries the GL-Inet
// session token.
const glCookieName = "Admin-Token"
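// glProcessRedirect redirects the client to the GL-Inet login page, which is
// taken to be the plain-HTTP root of the host the request was addressed to.
// It returns true when a redirect has been written and false when GLMode is
// off.
//
// The target is derived from r.Host, i.e. from the Host header supplied by
// the client, so it must not be treated as a trusted value anywhere else.
func glProcessRedirect(w http.ResponseWriter, r *http.Request) bool {
	if !GLMode {
		return false
	}

	host, _, err := net.SplitHostPort(r.Host)
	switch {
	case err != nil:
		// SplitHostPort fails when the Host header carries no port, which
		// is the normal case on the default port.  Ignoring that error
		// left host empty and produced a redirect to the bare "http://".
		host = r.Host
	case len(r.Host) > 0 && r.Host[0] == '[':
		// SplitHostPort strips the brackets of an IPv6 literal; a URL
		// needs them back.
		host = "[" + host + "]"
	}

	target := "http://" + host
	log.Debug("Auth: redirecting to %s", target)
	http.Redirect(w, r, target, http.StatusFound)

	return true
}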
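// glProcessCookie reports whether the request carries a GL-Inet session
// cookie (glCookieName) whose value passes glCheckToken.  It returns false
// when GLMode is off, when the cookie is absent, or when the token is not
// accepted.
//
// The cookie value is a session credential, so it is deliberately never
// written to the log: anyone able to read the log could otherwise replay it.
func glProcessCookie(r *http.Request) bool {
	if !GLMode {
		return false
	}

	glCookie, glerr := r.Cookie(glCookieName)
	if glerr != nil {
		return false
	}

	log.Debug("Auth: checking GL cookie")

	if glCheckToken(glCookie.Value) {
		return true
	}

	log.Info("Auth: invalid GL cookie value")

	return false
}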
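// glCheckToken reports whether sess names an existing GL-Inet token file
// whose stored timestamp plus glTokenTimeoutSeconds has not yet passed.
//
// sess is the raw cookie value sent by the client and becomes part of a file
// path, so it is rejected unless it is a non-empty string without path
// separators or NUL bytes.  That keeps the lookup confined to entries whose
// name starts with glFilePrefix.
func glCheckToken(sess string) bool {
	if sess == "" {
		return false
	}

	for i := 0; i < len(sess); i++ {
		c := sess[i]
		if c == '/' || c == os.PathSeparator || c == 0 {
			// Do not log sess itself: it is client-controlled and may be
			// a credential.
			log.Error("Auth: GL token contains a forbidden character")

			return false
		}
	}

	tokenName := glFilePrefix + sess
	_, err := os.Stat(tokenName)
	if err != nil {
		log.Error("os.Stat: %s", err)

		return false
	}

	tokenDate := glGetTokenDate(tokenName)
	now := uint32(time.Now().UTC().Unix())

	// NOTE(review): only the token's age is bounded; a stored timestamp
	// later than now also passes, and the uint32 addition can wrap for
	// values near the maximum.  Confirm whether future-dated token files
	// should be rejected.
	//
	// NOTE(review): glFilePrefix points into /tmp, which is usually
	// writable by every local account; confirm that only the GL-Inet
	// firmware can create files matching the prefix on the target devices.
	return now <= (tokenDate + glTokenTimeoutSeconds)
}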
// archIsLittleEndian reports whether the lowest-addressed byte of a
// multi-byte integer is its least significant one on the running machine.
//
// TODO(a.garipov): Replace with a smaller version of
// https://github.com/josharian/native.
func archIsLittleEndian() bool {
	probe := int32(0x01020304)

	// Read the byte stored at the integer's own address: it is 0x04 only if
	// the least significant byte comes first in memory.
	first := *(*byte)(unsafe.Pointer(&probe))

	return first == 0x04
}
// MaxFileSize is the maximum file length in bytes (1 MiB).  glGetTokenDate
// passes it to aghio.LimitReadCloser as the read limit for a token file, so
// that reading the whole file into memory stays bounded.
const MaxFileSize = 1024 * 1024
// glGetTokenDate returns the 32-bit timestamp stored in the first four bytes
// of file, decoded in the byte order reported by archIsLittleEndian.  It
// returns 0 when the file cannot be opened, wrapped, read or decoded; each
// such failure is logged.
func glGetTokenDate(file string) uint32 {
	tokenFile, err := os.Open(file)
	if err != nil {
		log.Error("os.Open: %s", err)

		return 0
	}
	defer tokenFile.Close()

	limited, err := aghio.LimitReadCloser(tokenFile, MaxFileSize)
	if err != nil {
		log.Error("LimitReadCloser: %s", err)

		return 0
	}
	defer limited.Close()

	// Reading to the end is acceptable here because the reader was wrapped
	// with MaxFileSize as its limit above.
	raw, err := ioutil.ReadAll(limited)
	if err != nil {
		log.Error("ioutil.ReadAll: %s", err)

		return 0
	}

	// The timestamp is decoded in the machine's own byte order.
	byteOrder := binary.ByteOrder(binary.BigEndian)
	if archIsLittleEndian() {
		byteOrder = binary.LittleEndian
	}

	var stamp uint32
	if err = binary.Read(bytes.NewBuffer(raw), byteOrder, &stamp); err != nil {
		// Fewer than four bytes in the file ends up here as well.
		log.Error("binary.Read: %s", err)

		return 0
	}

	return stamp
}