manage auth and add secret

auth/auth.go

@@ -30,7 +30,7 @@ func LogIn(username string, password string) (ok bool, user map[string]string) {
 		GroupFilter:  "(memberUid=%s)",
 		Attributes:   conf.LDAP.Attributes,
 	}
-	log.Print(ldapclient)
+
 	defer ldapclient.Close()
 
 	ok, user, err := ldapclient.Authenticate(username, password)

config/config.go

@@ -5,25 +5,28 @@ import (
 
 	ini "gopkg.in/ini.v1"
 )
+
 // Config is the config
 type Config struct {
-	HTTP    HTTPConfig
-	LDAP    LDAPConfig
+	HTTP HTTPConfig
+	LDAP LDAPConfig
 }
+
 // HTTPConfig is the http config
 type HTTPConfig struct {
-	Address     string
-	
+	Address string
+	Secret  string
 }
+
 // LDAPConfig is the ldap config
 type LDAPConfig struct {
-	Base            string
-	Host            string
-	Port 			int
-	BindDN			string
-	BindPassword	string
-	UserFilter		string
-	Attributes		[]string
+	Base         string
+	Host         string
+	Port         int
+	BindDN       string
+	BindPassword string
+	UserFilter   string
+	Attributes   []string
 }
 
 // NewFromFile retrieves the configuration from the given file
@@ -38,11 +41,12 @@ func NewFromFile(filepath string) (*Config, error) {
 	}
 	return config, nil
 }
+
 // NewDefault set a default config
 func NewDefault() *Config {
 	return &Config{
 		HTTP: HTTPConfig{
-			Address:     ":3001",
+			Address: ":3001",
 		},
 		LDAP: LDAPConfig{
 			Base:         "dc=example,dc=com",
@@ -53,9 +57,9 @@ func NewDefault() *Config {
 			UserFilter:   "(uid=%s)",
 			Attributes:   []string{"givenName", "sn", "mail", "uid"},
 		},
-		
 	}
 }
+
 // Dump return the config dump
 func Dump(config *Config, w io.Writer) error {
 	cfg := ini.Empty()

server.go

@@ -23,6 +23,7 @@ type User struct {
 }
 
 var configFile = "server.conf"
+var secret string
 
 func main() {
 
@@ -32,6 +33,7 @@ func main() {
 	if conferr != nil {
 		conf = config.NewDefault()
 	}
+	secret = conf.HTTP.Secret
 
 	bdd.InitDB()
 
@@ -52,19 +54,18 @@ func main() {
 
 // ServerHTTP is the entry point to all requests
 func (u *User) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-
 	if err := r.ParseForm(); err != nil {
 		log.Printf("ParseForm() err: %v", err)
 	} else {
 		u.Auth(r.FormValue("user"), r.FormValue("password"))
 	}
-	if u.Name == "" {
 
-		LogInPage(w, r)
+	if r.Method == http.MethodPost && r.Form.Get("option") != "" && r.Form.Get("key") == "hBObfzuTOTv6BjLUxzXaV5MUeNsTdivY" {
+		VoteEndPoint(w, r)
 		return
 	}
-	if r.Method == http.MethodPost && r.Form.Get("option") != "" {
-		VoteEndPoint(w, r)
+	if u.Name == "" {
+		LogInPage(w, r)
 		return
 	}
 	if r.URL.Path == "/" {
@@ -84,6 +85,9 @@ func (u *User) Auth(user string, pass string) bool {
 	if auth {
 		u.Name = user
 		u.Password = pass
+	} else {
+		u.Name = ""
+		u.Password = ""
 	}
 	// auth := true
 	// u.Name = "mlamalle"
@@ -107,11 +111,12 @@ func LogInPage(w http.ResponseWriter, r *http.Request) {
 // HomePage is the homepage of the app
 func HomePage(w http.ResponseWriter, r *http.Request) {
 	type HomeData struct {
+		Key   string
 		Foods foodlist.FoodOfTheDay
 		Votes vote.VotesOfTheDay
 	}
 
-	datas := HomeData{foodlist.GetFoodOfTheDay(), vote.GetVotesOfTheDay()}
+	datas := HomeData{secret, foodlist.GetFoodOfTheDay(), vote.GetVotesOfTheDay()}
 
 	paths := []string{
 		"./templates/index.tmpl",

templates/index.tmpl

@@ -9,7 +9,8 @@
     <script src="https://twemoji.maxcdn.com/v/latest/twemoji.min.js" crossorigin="anonymous"></script>
     <style type="text/css">h2 { margin: 2em 0em; }  .ui.container { padding-top: 5em; padding-bottom: 5em; } </style>
     <script type="text/javascript">
-        function vote(option){$.post( "/", {option}, ( data ) => {  $('.modal').modal('show');});}
+        var key = "{{ .Key }}";
+        function vote(option){$.post( "/", {option, key}, ( data ) => {  $('.modal').modal('show');});}
         function reload(){document.location.reload(true);}    
        
     </script>