auth

bnulwh · Jan 20, 2024 · 3be2ff0 · 3be2ff0
1 parent 43c15c1
commit 3be2ff0
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 2 deletions.
diff --git a/cmd/go-selfupdate/main.go b/cmd/go-selfupdate/main.go
@@ -14,6 +14,9 @@ import (
 	"path/filepath"
 	"runtime"
 )
+const (
+	DefaultToken = "ap_pJSFC5wQYkAyI0FIVwKYs9h1hW"
+)
 
 func uploadFile(url, filename, platform, version string) error {
 	var buf bytes.Buffer
@@ -53,6 +56,7 @@ func uploadFile(url, filename, platform, version string) error {
 		return err
 	}
 	req.Header.Set("Content-Type", writer.FormDataContentType())
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", DefaultToken))
 	client := http.DefaultClient
 	resp, err := client.Do(req)
 	if err != nil {

diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -7,18 +7,23 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
-	"github.com/kr/binarydist"
 	"github.com/bnulwh/go-selfupdate/selfupdate"
+	"github.com/kr/binarydist"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 	"log"
 	"net/http"
 )
 
+const (
+	DefaultToken = "ap_pJSFC5wQYkAyI0FIVwKYs9h1hW"
+)
+
 type current struct {
 	Version string
 	Sha256  []byte
@@ -56,13 +61,40 @@ func main() {
 	flag.Parse()
 
 	router := gin.Default()
+	router.Use(PermissionChecker())
 	//pprof.Register(router, "/pprof")
 	router.StaticFS("/", http.Dir(*servePath))
 	router.POST("/upload", PostUpload)
 	router.Run(":8080")
 
 }
 
+func PermissionChecker() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		auth := ctx.Request.Header.Get("Authorization")
+		if auth == "" {
+			ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("not auth"))
+			return
+		}
+		arr := strings.Split(auth, " ")
+		if len(arr) != 2 {
+			ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("not auth"))
+			return
+		}
+		authType := arr[0]
+		if authType != "Bearer" {
+			ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("not auth"))
+			return
+		}
+		authToken := arr[1]
+		if authToken != DefaultToken {
+			ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("not auth"))
+			return
+		}
+		ctx.Next()
+	}
+}
+
 func PostUpload(ctx *gin.Context) {
 	file, _ := ctx.FormFile("file")
 	filePath := "/tmp/" + file.Filename

diff --git a/selfupdate/requester.go b/selfupdate/requester.go
@@ -4,6 +4,11 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
+)
+
+const (
+	DefaultToken = "ap_pJSFC5wQYkAyI0FIVwKYs9h1hW"
 )
 
 // Requester interface allows developers to customize the method in which
@@ -19,7 +24,14 @@ type HTTPRequester struct{}
 // Fetch will return an HTTP request to the specified url and return
 // the body of the result. An error will occur for a non 200 status code.
 func (httpRequester *HTTPRequester) Fetch(url string) (io.ReadCloser, error) {
-	resp, err := http.Get(url)
+	body := ""
+	req, err := http.NewRequest("GET", url, strings.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", DefaultToken))
+	client := http.DefaultClient
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}