Add authentication and ability to change host

author: Leonardo Bishop <me@leonardobishop.net> 2025-07-14 01:24:40 +0100
committer: Leonardo Bishop <me@leonardobishop.net> 2025-07-14 01:24:40 +0100
commit: 08a3fb8a2b0281c3c329b33215ec7f8866add606 (patch)
tree: ff8a5413449ea198bc063bf0099fc025ea49c82b /web/command
parent: 684787bcb72aece2aa914597a3bc8788432e66f7 (diff)
9 files changed, 233 insertions, 6 deletions
diff --git a/web/command/handler/authenticate.go b/web/command/handler/authenticate.go
new file mode 100644
index 0000000..1c7d312
--- /dev/null
+++ b/web/command/handler/authenticate.go
@@ -0,0 +1,52 @@
+package handler
+
+import (
+	"crypto/subtle"
+	"fmt"
+	"net/http"
+
+	"github.com/LMBishop/scrapbook/pkg/auth"
+	"github.com/LMBishop/scrapbook/pkg/config"
+	"github.com/LMBishop/scrapbook/web/command/html"
+	. "maragu.dev/gomponents"
+	ghttp "maragu.dev/gomponents/http"
+)
+
+func GetAuthenticate() func(http.ResponseWriter, *http.Request) {
+	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
+		return html.AuthenticatePage(""), nil
+	})
+}
+
+func PostAuthenticate(mainConfig *config.MainConfig, authenticator *auth.Authenticator) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		err := r.ParseForm()
+		if err != nil {
+			html.AuthenticatePage(err.Error()).Render(w)
+			return
+		}
+
+		token := r.Form.Get("token")
+
+		if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
+			html.AuthenticatePage("The secret key is incorrect").Render(w)
+			return
+		}
+
+		jwt, err := authenticator.NewJwt()
+		if err != nil {
+			html.AuthenticatePage(fmt.Errorf("Failed to create jwt: %w", err).Error()).Render(w)
+			return
+		}
+
+		http.SetCookie(w, &http.Cookie{
+			Name:  "session",
+			Value: jwt,
+
+			Secure:   true,
+			SameSite: http.SameSiteStrictMode,
+			HttpOnly: true,
+		})
+		http.Redirect(w, r, "/", 302)
+	}
+}
diff --git a/web/command/handler/create.go b/web/command/handler/create.go
index 21c6b1a..46c7779 100644
--- a/web/command/handler/create.go
+++ b/web/command/handler/create.go
@@ -36,10 +36,6 @@ func PostCreate(mainConfig *config.MainConfig, index *index.SiteIndex) func(http
 			return html.CreatePage("", "A name must be specified", formValues), nil
 		}
 
-		if host == "" {
-			return html.CreatePage("", "A host must be specified", formValues), nil
-		}
-
 		site, err := site.CreateNewSite(name, path.Join(constants.SysDataDir, "sites"), host)
 
 		if err != nil {
diff --git a/web/command/handler/host.go b/web/command/handler/host.go
new file mode 100644
index 0000000..05b4ca6
--- /dev/null
+++ b/web/command/handler/host.go
@@ -0,0 +1,57 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+	"path"
+
+	"github.com/LMBishop/scrapbook/pkg/config"
+	"github.com/LMBishop/scrapbook/pkg/index"
+	"github.com/LMBishop/scrapbook/web/command/html"
+	. "maragu.dev/gomponents"
+	ghttp "maragu.dev/gomponents/http"
+)
+
+func GetHost(index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
+	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
+		siteName := r.PathValue("site")
+		if siteName == "" {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+		site := index.GetSite(siteName)
+		if site == nil {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+
+		return html.HostPage("", "", siteName, site.SiteConfig.Host), nil
+	})
+}
+
+func PostHost(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
+	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
+		siteName := r.PathValue("site")
+		if siteName == "" {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+		site := index.GetSite(siteName)
+		if site == nil {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+
+		err := r.ParseForm()
+		if err != nil {
+			return html.HostPage("", fmt.Errorf("Could not parse form: %w", err).Error(), siteName, site.SiteConfig.Host), nil
+		}
+
+		host := r.FormValue("host")
+
+		site.SiteConfig.Host = host
+		index.UpdateSiteIndexes()
+		err = config.WriteSiteConfig(path.Join(site.Path, "site.toml"), site.SiteConfig)
+		if err != nil {
+			return html.HostPage("", fmt.Errorf("Failed to persist flags: %w", err).Error(), siteName, host), nil
+		}
+
+		return html.HostPage(fmt.Sprintf("Successfully set host for %s to '%s'", siteName, host), "", siteName, host), nil
+	})
+}
diff --git a/web/command/html/authenticate.go b/web/command/html/authenticate.go
new file mode 100644
index 0000000..27a2321
--- /dev/null
+++ b/web/command/html/authenticate.go
@@ -0,0 +1,43 @@
+package html
+
+import (
+	. "maragu.dev/gomponents"
+	. "maragu.dev/gomponents/html"
+)
+
+func AuthenticatePage(err string) Node {
+	return page("Authenticate",
+		H1(Text("Welcome to scrapbook")),
+
+		If(err != "", alertError(err)),
+
+		Form(
+			Action("/authenticate"),
+			Method("post"),
+
+			FieldSet(
+				Legend(Text("Authentication")),
+				Label(
+					For("token"),
+					Text("Secret key"),
+				),
+				Input(
+					ID("token"),
+					Name("token"),
+				),
+				Span(
+					Class("form-help"),
+					Text("Enter the secret key to continue."),
+				),
+			),
+
+			Div(
+				Class("control-group group-right"),
+				Input(
+					Type("submit"),
+					Value("Submit"),
+				),
+			),
+		),
+	)
+}
diff --git a/web/command/html/create.go b/web/command/html/create.go
index a0b77d1..8b76776 100644
--- a/web/command/html/create.go
+++ b/web/command/html/create.go
@@ -56,7 +56,7 @@ func CreatePage(success, err string, formValues CreatePageForm) Node {
 					),
 					Span(
 						Class("form-help"),
-						Text("The fully qualified domain name for which this site is to be served on."),
+						Text("The fully qualified domain name for which this site is to be served on. If this site is not to be served by scrapbook, leave blank."),
 					),
 				),
 
diff --git a/web/command/html/home.go b/web/command/html/home.go
index 490b2b8..b9d585c 100644
--- a/web/command/html/home.go
+++ b/web/command/html/home.go
@@ -38,7 +38,8 @@ func HomePage(siteIndex *index.SiteIndex) Node {
 					Span(
 						Class("name"),
 						Span(Text(site.Name)),
-						Span(Text(fmt.Sprintf("on %s", site.SiteConfig.Host))),
+						If(site.SiteConfig.Host == "", Span(Text("no host"))),
+						If(site.SiteConfig.Host != "", Span(Text(fmt.Sprintf("on %s", site.SiteConfig.Host)))),
 					),
 					Span(
 						Class("status"),
diff --git a/web/command/html/host.go b/web/command/html/host.go
new file mode 100644
index 0000000..36f0e6b
--- /dev/null
+++ b/web/command/html/host.go
@@ -0,0 +1,52 @@
+package html
+
+import (
+	"fmt"
+
+	. "maragu.dev/gomponents"
+	. "maragu.dev/gomponents/html"
+)
+
+func HostPage(success, err, siteName, hostValue string) Node {
+	return page("Change host for "+siteName,
+		H1(Text("Change host for "+siteName)),
+
+		If(success != "", Group{
+			alertSuccess(success),
+			Div(
+				Class("control-group group-right"),
+				navButton("OK", fmt.Sprintf("/site/%s/", siteName)),
+			),
+		}),
+
+		If(success == "", Group{
+			If(err != "", alertError(err)),
+
+			Form(
+				Method("post"),
+
+				FieldSet(
+					Legend(Text("Host")),
+					Input(
+						ID("host"),
+						Name("host"),
+						Value(hostValue),
+					),
+					Span(
+						Class("form-help"),
+						Text("The fully qualified domain name for which this site is to be served on. If this site is not to be served by scrapbook, leave blank."),
+					),
+				),
+
+				Div(
+					Class("control-group group-right"),
+					navButton("Go back", fmt.Sprintf("/site/%s/", siteName)),
+					Input(
+						Type("submit"),
+						Value("Submit"),
+					),
+				),
+			),
+		}),
+	)
+}
diff --git a/web/command/html/site.go b/web/command/html/site.go
index 7616e6b..7da9dc0 100644
--- a/web/command/html/site.go
+++ b/web/command/html/site.go
@@ -26,6 +26,7 @@ func SitePage(mainConfig *config.MainConfig, site *site.Site) Node {
 
 				navButton("Upload new version", "upload"),
 				navButton("Set flags", "flags"),
+				navButton("Change host", "host"),
 				navButton("Delete site", "delete"),
 			),
 		),
diff --git a/web/command/middleware/authenticate.go b/web/command/middleware/authenticate.go
new file mode 100644
index 0000000..08e3552
--- /dev/null
+++ b/web/command/middleware/authenticate.go
@@ -0,0 +1,25 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/LMBishop/scrapbook/pkg/auth"
+)
+
+func MustAuthenticate(authenticator *auth.Authenticator, next http.HandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		jwt, err := r.Cookie("session")
+		if err != nil {
+			http.Redirect(w, r, "/authenticate", 302)
+			return
+		}
+
+		err = authenticator.VerifyJwt(jwt.Value)
+		if err != nil {
+			http.Redirect(w, r, "/authenticate", 302)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
author	Leonardo Bishop <me@leonardobishop.net>	2025-07-14 01:24:40 +0100
committer	Leonardo Bishop <me@leonardobishop.net>	2025-07-14 01:24:40 +0100
commit	08a3fb8a2b0281c3c329b33215ec7f8866add606 (patch)
tree	ff8a5413449ea198bc063bf0099fc025ea49c82b /web/command
parent	684787bcb72aece2aa914597a3bc8788432e66f7 (diff)