seperate routes, provide robust handler types, use mux

2019-07-14 19:32:36 +01:00
parent cbe709025e
commit 5444b328fd
77 changed files with 11880 additions and 1011 deletions
--- a/server/ctrlsubsonic/middleware.go
+++ b/server/ctrlsubsonic/middleware.go
@@ -0,0 +1,80 @@
+package ctrlsubsonic
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"senan.xyz/g/gonic/server/ctrlsubsonic/spec"
+	"senan.xyz/g/gonic/server/key"
+	"senan.xyz/g/gonic/server/parsing"
+)
+
+var requiredParameters = []string{
+	"u", "v", "c",
+}
+
+func checkHasAllParams(params url.Values) error {
+	for _, req := range requiredParameters {
+		param := params.Get(req)
+		if param != "" {
+			continue
+		}
+		return fmt.Errorf("please provide a `%s` parameter", req)
+	}
+	return nil
+}
+
+func checkCredsToken(password, token, salt string) bool {
+	toHash := fmt.Sprintf("%s%s", password, salt)
+	hash := md5.Sum([]byte(toHash))
+	expToken := hex.EncodeToString(hash[:])
+	return token == expToken
+}
+
+func checkCredsBasic(password, given string) bool {
+	if len(given) >= 4 && given[:4] == "enc:" {
+		bytes, _ := hex.DecodeString(given[4:])
+		given = string(bytes)
+	}
+	return password == given
+}
+
+func (c *Controller) WithValidSubsonicArgs(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if err := checkHasAllParams(r.URL.Query()); err != nil {
+			writeResp(w, r, spec.NewError(10, err.Error()))
+			return
+		}
+		username := parsing.GetStrParam(r, "u")
+		password := parsing.GetStrParam(r, "p")
+		token := parsing.GetStrParam(r, "t")
+		salt := parsing.GetStrParam(r, "s")
+		passwordAuth := token == "" && salt == ""
+		tokenAuth := password == ""
+		if tokenAuth == passwordAuth {
+			writeResp(w, r, spec.NewError(10, "please provide `t` and `s`, or just `p`"))
+			return
+		}
+		user := c.DB.GetUserFromName(username)
+		if user == nil {
+			writeResp(w, r, spec.NewError(40, "invalid username `%s`", username))
+			return
+		}
+		var credsOk bool
+		if tokenAuth {
+			credsOk = checkCredsToken(user.Password, token, salt)
+		} else {
+			credsOk = checkCredsBasic(user.Password, password)
+		}
+		if !credsOk {
+			writeResp(w, r, spec.NewError(40, "invalid password"))
+			return
+		}
+		withUser := context.WithValue(r.Context(), key.User, user)
+		next.ServeHTTP(w, r.WithContext(withUser))
+	})
+}