package home
import (
"bytes"
"encoding/binary"
"io"
"net"
"net/http"
"os"
"time"
"github.com/AdguardTeam/AdGuardHome/internal/aghio"
"github.com/AdguardTeam/golibs/log"
"github.com/josharian/native"
)
// GLMode enables the GL-Inet compatibility mode.  The gl* helpers in this file
// return early without doing anything while it is false.
var GLMode bool

// glFilePrefix is the path prefix of GL-Inet session token files.  The session
// value taken from the request cookie is appended to it to form the file name.
//
// NOTE(review): the prefix points into /tmp, which is commonly writable by
// every local user; the check built on it trusts whoever can create files
// there.  Confirm that this matches the target firmware's threat model.
var glFilePrefix = "/tmp/gl_token_"

const (
	// glTokenTimeoutSeconds is added to the timestamp stored in a token file
	// to obtain the moment the token stops being accepted.
	glTokenTimeoutSeconds = 3600
	// glCookieName is the name of the cookie that carries the GL-Inet session
	// value.
	glCookieName = "Admin-Token"
)
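// glProcessRedirect sends the client to the GL-Inet login page, which is
// expected on the default HTTP port of the host the request was addressed to.
// It reports whether a redirect was written to w; it does nothing and returns
// false when GLMode is disabled.
func glProcessRedirect(w http.ResponseWriter, r *http.Request) bool {
	if !GLMode {
		return false
	}

	// r.Host comes from the request and is therefore chosen by the client.
	// NOTE(review): if the device has a known canonical address, prefer
	// redirecting to that instead of echoing the Host header.
	host, _, err := net.SplitHostPort(r.Host)
	if err != nil {
		// SplitHostPort fails when there is no port (for example a request
		// made to the default port).  The original code ignored the error and
		// redirected to an empty host; use the header value as is instead.
		host = r.Host
	} else if ip := net.ParseIP(host); ip != nil && ip.To4() == nil {
		// SplitHostPort strips the brackets from an IPv6 literal; a URL
		// needs them back.
		host = "[" + host + "]"
	}

	url := "http://" + host
	// %q keeps any unexpected characters in the client-supplied host from
	// being written to the log verbatim.
	log.Debug("Auth: redirecting to %q", url)
	http.Redirect(w, r, url, http.StatusFound)

	return true
}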
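// glProcessCookie reports whether r carries a GL-Inet session cookie that
// glCheckToken accepts.  It returns false when GLMode is disabled or when the
// cookie named glCookieName is absent.
func glProcessCookie(r *http.Request) bool {
	if !GLMode {
		return false
	}

	glCookie, glerr := r.Cookie(glCookieName)
	if glerr != nil {
		return false
	}

	// The cookie value is a bearer credential: anyone who can read the log
	// could replay it while the token is still valid.  Log only that a cookie
	// was seen, never its value.
	log.Debug("Auth: GL cookie received (%d bytes)", len(glCookie.Value))
	if glCheckToken(glCookie.Value) {
		return true
	}

	// The rejected value is client-controlled and may be a near miss of a real
	// token, so it is kept out of the log as well.
	log.Info("Auth: invalid GL cookie value")

	return false
}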
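// glCheckToken reports whether sess names a GL-Inet token file whose stored
// timestamp plus glTokenTimeoutSeconds has not passed yet.
//
// sess is taken from a client-supplied cookie, so it is validated before being
// appended to glFilePrefix: an empty value, or one containing a path separator
// or a NUL byte, is rejected.  Without that check the resulting path is not
// confined to files that start with the prefix.
func glCheckToken(sess string) bool {
	if sess == "" {
		return false
	}

	for i := 0; i < len(sess); i++ {
		switch sess[i] {
		case '/', '\\', 0:
			log.Error("glinet: session value contains a forbidden character")

			return false
		}
	}

	tokenName := glFilePrefix + sess
	fi, err := os.Stat(tokenName)
	if err != nil {
		log.Error("os.Stat: %s", err)

		return false
	}

	// Only regular files are read as tokens; opening a FIFO or a device node
	// could block the request or return unrelated data.
	// NOTE(review): os.Stat follows symlinks and the file is opened again by
	// glGetTokenDate, so this does not stop a local user who can create files
	// under the prefix from planting or swapping a token.
	if !fi.Mode().IsRegular() {
		log.Error("glinet: token path is not a regular file")

		return false
	}

	tokenDate := glGetTokenDate(tokenName)
	now := uint32(time.Now().UTC().Unix())

	// The sum is computed in uint32 and wraps on overflow.
	// NOTE(review): a stored timestamp that lies in the future is accepted
	// until it expires; consider an upper bound if token files cannot be
	// fully trusted.
	return now <= (tokenDate + glTokenTimeoutSeconds)
}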
// MaxFileSize is the maximum file length in bytes.  In this file it is the
// limit passed to aghio.LimitReader when a token file is read.
const MaxFileSize = 1024 * 1024
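// glGetTokenDate returns the uint32 timestamp stored at the beginning of file,
// decoded in the byte order given by native.Endian.  Any failure to open, read
// or decode the file is logged and reported as 0.
func glGetTokenDate(file string) uint32 {
	f, err := os.Open(file)
	if err != nil {
		log.Error("os.Open: %s", err)

		return 0
	}
	defer func() {
		derr := f.Close()
		if derr != nil {
			// Report the error returned by Close.  The original logged the
			// enclosing err variable, which holds an unrelated value (or
			// nil) at this point.
			log.Error("glinet: closing file: %s", derr)
		}
	}()

	// Cap the amount of data read, so that an oversized file cannot make
	// io.ReadAll allocate without bound.
	fileReader, err := aghio.LimitReader(f, MaxFileSize)
	if err != nil {
		log.Error("creating limited reader: %s", err)

		return 0
	}

	// This use of ReadAll is safe, because the reader is limited.
	bs, err := io.ReadAll(fileReader)
	if err != nil {
		log.Error("reading token: %s", err)

		return 0
	}

	var dateToken uint32
	err = binary.Read(bytes.NewReader(bs), native.Endian, &dateToken)
	if err != nil {
		// Includes the case of a file shorter than four bytes.
		log.Error("decoding token: %s", err)

		return 0
	}

	return dateToken
}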