AdGuardHome/internal/home/authglinet.go
Ainar Garipov c6888326b0 Pull request: all: update go and backend tools
Closes #2576.
Updates #2275.
Updates #2419.
Updates #2443.

Squashed commit of the following:

commit b1a4809ada298d675de12740051ba26fb9945957
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri May 21 14:01:40 2021 +0300

    all: add --local-frontend, upd docker

commit 619ee7c82f27e3405753003dbec556ffb056d025
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu May 20 15:02:33 2021 +0300

    bamboo-specs: bump docker version

commit 5c2b2fbce80afdcc81fd0cb83674dc3d64facbf1
Merge: 6536b32d 9c60aef6
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu May 20 15:01:47 2021 +0300

    Merge branch 'master' into 2275-upd-go

commit 6536b32dd4580425f7dedde6765463a79b9bd699
Merge: 9bb32bc4 6f7fd33a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed May 19 20:38:48 2021 +0300

    Merge branch 'master' into 2275-upd-go

commit 9bb32bc4c0ac0f3a97195adc75359e48c9c58897
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed May 19 18:48:50 2021 +0300

    all: fix build, imp err handling

commit 6868eac7f7d2980fb706881f53e72afe5f7c3447
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed May 19 18:09:32 2021 +0300

    all: fix github lint

commit ebbb9c55f32fbd57e34e8b161016aa6b291c097c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed May 19 17:36:56 2021 +0300

    all: update go and backend tools
2021-05-21 14:55:42 +03:00

108 lines
2.1 KiB
Go

package home
import (
"bytes"
"encoding/binary"
"io"
"net"
"net/http"
"os"
"time"
"github.com/AdguardTeam/AdGuardHome/internal/aghio"
"github.com/AdguardTeam/AdGuardHome/internal/aghos"
"github.com/AdguardTeam/golibs/log"
)
// GLMode - enable GL-Inet compatibility mode
var GLMode bool
var glFilePrefix = "/tmp/gl_token_"
const (
glTokenTimeoutSeconds = 3600
glCookieName = "Admin-Token"
)
func glProcessRedirect(w http.ResponseWriter, r *http.Request) bool {
if !GLMode {
return false
}
// redirect to gl-inet login
host, _, _ := net.SplitHostPort(r.Host)
url := "http://" + host
log.Debug("Auth: redirecting to %s", url)
http.Redirect(w, r, url, http.StatusFound)
return true
}
func glProcessCookie(r *http.Request) bool {
if !GLMode {
return false
}
glCookie, glerr := r.Cookie(glCookieName)
if glerr != nil {
return false
}
log.Debug("Auth: GL cookie value: %s", glCookie.Value)
if glCheckToken(glCookie.Value) {
return true
}
log.Info("Auth: invalid GL cookie value: %s", glCookie)
return false
}
func glCheckToken(sess string) bool {
tokenName := glFilePrefix + sess
_, err := os.Stat(tokenName)
if err != nil {
log.Error("os.Stat: %s", err)
return false
}
tokenDate := glGetTokenDate(tokenName)
now := uint32(time.Now().UTC().Unix())
return now <= (tokenDate + glTokenTimeoutSeconds)
}
// MaxFileSize is a maximum file length in bytes.
const MaxFileSize = 1024 * 1024
func glGetTokenDate(file string) uint32 {
f, err := os.Open(file)
if err != nil {
log.Error("os.Open: %s", err)
return 0
}
defer f.Close()
fileReadCloser, err := aghio.LimitReadCloser(f, MaxFileSize)
if err != nil {
log.Error("creating limited reader: %s", err)
return 0
}
defer fileReadCloser.Close()
var dateToken uint32
// This use of ReadAll is now safe, because we limited reader.
bs, err := io.ReadAll(fileReadCloser)
if err != nil {
log.Error("reading token: %s", err)
return 0
}
buf := bytes.NewBuffer(bs)
err = binary.Read(buf, aghos.NativeEndian, &dateToken)
if err != nil {
log.Error("decoding token: %s", err)
return 0
}
return dateToken
}