Add the ability to disable http auth.

While here use better names fofr the flags
This commit is contained in:
Aaron Bieber 2021-05-18 16:34:49 -06:00
parent 723e91e05d
commit 769dac74ea
2 changed files with 34 additions and 21 deletions

1
.gitignore vendored
View File

@ -1 +1,2 @@
widdler widdler
.htpasswd

14
main.go
View File

@ -29,6 +29,7 @@ var tiddly embed.FS
var ( var (
davDir string davDir string
listen string listen string
auth bool
passPath string passPath string
users map[string]string users map[string]string
) )
@ -40,9 +41,10 @@ func init() {
log.Fatalln(err) log.Fatalln(err)
} }
flag.StringVar(&davDir, "davdir", dir, "Directory to serve over WebDAV.") flag.StringVar(&davDir, "wikis", dir, "Directory of TiddlyWikis to serve over WebDAV.")
flag.StringVar(&listen, "http", "127.0.0.1:8080", "Listen on") flag.StringVar(&listen, "http", "127.0.0.1:8080", "Listen on")
flag.StringVar(&passPath, "htpass", fmt.Sprintf("%s/.htpasswd", dir), "Path to .htpasswd file..") flag.StringVar(&passPath, "htpass", fmt.Sprintf("%s/.htpasswd", dir), "Path to .htpasswd file..")
flag.BoolVar(&auth, "auth", true, "Enable HTTP Basic Authentication.")
flag.Parse() flag.Parse()
// These are OpenBSD specific protections used to prevent unnecessary file access. // These are OpenBSD specific protections used to prevent unnecessary file access.
@ -52,6 +54,13 @@ func init() {
_ = protect.Unveil("/etc/resolv.conf", "r") _ = protect.Unveil("/etc/resolv.conf", "r")
_ = protect.Pledge("stdio wpath rpath cpath inet dns") _ = protect.Pledge("stdio wpath rpath cpath inet dns")
_, fErr := os.Stat(passPath)
if os.IsNotExist(fErr) {
if auth {
fmt.Println("No .htpasswd file found!")
os.Exit(1)
}
} else {
p, err := os.Open(passPath) p, err := os.Open(passPath)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -72,6 +81,7 @@ func init() {
users[parts[0]] = parts[1] users[parts[0]] = parts[1]
} }
} }
}
func authenticate(user string, pass string) bool { func authenticate(user string, pass string) bool {
htpass, exists := users[user] htpass, exists := users[user]
@ -128,12 +138,14 @@ func main() {
return return
} }
if auth {
user, pass, ok := r.BasicAuth() user, pass, ok := r.BasicAuth()
if !(ok && authenticate(user, pass)) { if !(ok && authenticate(user, pass)) {
w.Header().Set("WWW-Authenticate", `Basic realm="davfs"`) w.Header().Set("WWW-Authenticate", `Basic realm="davfs"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized) http.Error(w, "Unauthorized", http.StatusUnauthorized)
return return
} }
}
//wdav.Prefix = user //wdav.Prefix = user