add auth

cmd/server/main.go

@@ -1,16 +1,73 @@
 package main
 
 import (
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
 	"log"
+	"net/http"
 
+	"github.com/sentriz/gonic/context"
 	"github.com/sentriz/gonic/db"
 	"github.com/sentriz/gonic/handler"
 	"github.com/sentriz/gonic/router"
+	"github.com/sentriz/gonic/subsonic"
+
+	_ "github.com/jinzhu/gorm/dialects/sqlite"
+	"github.com/labstack/echo"
 )
 
+var (
+	username           = "senan"
+	password           = "howdy"
+	requiredParameters = []string{
+		"u", "t", "s", "v", "c",
+	}
+)
+
+func checkCredentials(token, salt string) bool {
+	toHash := fmt.Sprintf("%s%s", password, salt)
+	hash := md5.Sum([]byte(toHash))
+	expToken := hex.EncodeToString(hash[:])
+	return token == expToken
+}
+
+func contextMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		return next(&context.Subsonic{c})
+	}
+}
+
+func validationMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		cc := c.(*context.Subsonic)
+		for _, req := range requiredParameters {
+			param := cc.QueryParams().Get(req)
+			if param != "" {
+				continue
+			}
+			return cc.Respond(http.StatusBadRequest, subsonic.NewError(
+				10, fmt.Sprintf("please provide a `%s` parameter", req),
+			))
+		}
+		credsOk := checkCredentials(
+			cc.QueryParams().Get("t"), // token
+			cc.QueryParams().Get("s"), // salt
+		)
+		if !credsOk {
+			return cc.Respond(http.StatusBadRequest, subsonic.NewError(
+				40, "invalid username or password",
+			))
+		}
+		return next(c)
+	}
+}
+
 func main() {
 	d := db.New()
 	r := router.New()
+	r.Use(contextMiddleware)
+	r.Use(validationMiddleware)
 	h := &handler.Handler{
 		DB:     d,
 		Router: r,