feat: Pass encryption key in URL fragment
All checks were successful
/ pre-commit (push) Successful in 1m21s
All checks were successful
/ pre-commit (push) Successful in 1m21s
- Remove encryptionKey from URL - Use POST method to pass both password and encryption key - Parse URL fragment to extract the encryption key from the web (using javascript) and from the CLI Fixes #36. Signed-off-by: Julien Riou <julien@riou.xyz>
This commit is contained in:
parent
1fcde736a8
commit
ee7b5f0c6e
GPG key ID:
9A099EDA51316854
8 changed files with 103 additions and 316 deletions
|
|
@ -160,9 +160,9 @@ func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
|
|||
scheme = "https://"
|
||||
}
|
||||
|
||||
h.PageData.URL = fmt.Sprintf("%s%s/%d", scheme, r.Host, note.ID)
|
||||
h.PageData.URL = fmt.Sprintf("%s%s/%d.html", scheme, r.Host, note.ID)
|
||||
if encryptionKey != "" {
|
||||
h.PageData.URL += "/" + encryptionKey
|
||||
h.PageData.URL += "#" + encryptionKey
|
||||
}
|
||||
|
||||
h.logger.Debug("rendering page")
|
||||
|
|
@ -197,17 +197,11 @@ func (h *GetRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
if note.Encrypted {
|
||||
h.PageData.Err = fmt.Errorf("note is encrypted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering page")
|
||||
|
||||
if len(note.PasswordHash) > 0 {
|
||||
if note.Encrypted || len(note.PasswordHash) > 0 {
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
|
@ -241,11 +235,12 @@ func (h *GetProtectedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http
|
|||
}
|
||||
|
||||
password := r.FormValue("password")
|
||||
encryptionKey := r.FormValue("encryption-key")
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not get raw note")
|
||||
h.PageData.Err = fmt.Errorf("could not find note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
|
@ -257,56 +252,11 @@ func (h *GetProtectedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http
|
|||
}
|
||||
|
||||
if note.Encrypted {
|
||||
h.PageData.Err = fmt.Errorf("note is encrypted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering page")
|
||||
|
||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
fmt.Fprint(w, string(note.Content))
|
||||
}
|
||||
|
||||
type GetEncryptedRawWebNoteHandler struct {
|
||||
Templates *template.Template
|
||||
PageData PageData
|
||||
logger *slog.Logger
|
||||
db *Database
|
||||
}
|
||||
|
||||
func (h *GetEncryptedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
h.PageData.Err = nil
|
||||
templateName := "unprotectedNote"
|
||||
|
||||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
encryptionKey := vars["encryptionKey"]
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not get raw note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if note == nil {
|
||||
h.PageData.Err = fmt.Errorf("note doesn't exist or has been deleted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if encryptionKey != "" && note.Encrypted {
|
||||
if encryptionKey == "" {
|
||||
h.PageData.Err = fmt.Errorf("encryption key not found")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not decrypt note")
|
||||
|
|
@ -315,70 +265,9 @@ func (h *GetEncryptedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http
|
|||
}
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering page")
|
||||
|
||||
if len(note.PasswordHash) > 0 {
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
fmt.Fprint(w, string(note.Content))
|
||||
}
|
||||
|
||||
type GetProtectedEncryptedRawWebNoteHandler struct {
|
||||
Templates *template.Template
|
||||
PageData PageData
|
||||
logger *slog.Logger
|
||||
db *Database
|
||||
maxUploadSize int64
|
||||
}
|
||||
|
||||
func (h *GetProtectedEncryptedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
h.PageData.Err = nil
|
||||
templateName := "protectedNote"
|
||||
|
||||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
encryptionKey := vars["encryptionKey"]
|
||||
|
||||
h.logger.Debug("parsing multipart form")
|
||||
err := r.ParseMultipartForm(h.maxUploadSize)
|
||||
if err != nil {
|
||||
h.PageData.Err = err
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
password := r.FormValue("password")
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not get raw note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if note == nil {
|
||||
h.PageData.Err = fmt.Errorf("note doesn't exist or has been deleted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if encryptionKey != "" && note.Encrypted {
|
||||
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not decrypt note")
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
|
@ -421,12 +310,6 @@ func (h *GetWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if note.Encrypted {
|
||||
h.PageData.Err = fmt.Errorf("note is encrypted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering page")
|
||||
|
|
@ -457,11 +340,12 @@ func (h *GetProtectedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
|
||||
password := r.FormValue("password")
|
||||
encryptionKey := r.FormValue("encryption-key")
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = err
|
||||
h.PageData.Err = fmt.Errorf("could not find note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
|
@ -473,15 +357,25 @@ func (h *GetProtectedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
|
||||
if note.Encrypted {
|
||||
h.PageData.Err = fmt.Errorf("note is encrypted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
if encryptionKey == "" {
|
||||
h.PageData.Err = fmt.Errorf("encryption key not found")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not decrypt note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
if len(note.PasswordHash) > 0 {
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
|
@ -490,111 +384,6 @@ func (h *GetProtectedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
}
|
||||
|
||||
type GetEncryptedWebNoteHandler struct {
|
||||
Templates *template.Template
|
||||
PageData PageData
|
||||
logger *slog.Logger
|
||||
db *Database
|
||||
}
|
||||
|
||||
func (h *GetEncryptedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
h.PageData.Err = nil
|
||||
templateName := "unprotectedNote"
|
||||
|
||||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
encryptionKey := vars["encryptionKey"]
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = err
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if note == nil {
|
||||
h.PageData.Err = fmt.Errorf("note doesn't exist or has been deleted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if encryptionKey != "" && note.Encrypted {
|
||||
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not decrypt note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering encrypted note web page")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
}
|
||||
|
||||
type GetProtectedEncryptedWebNoteHandler struct {
|
||||
Templates *template.Template
|
||||
PageData PageData
|
||||
logger *slog.Logger
|
||||
db *Database
|
||||
maxUploadSize int64
|
||||
}
|
||||
|
||||
func (h *GetProtectedEncryptedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
h.PageData.Err = nil
|
||||
templateName := "protectedNote"
|
||||
|
||||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
encryptionKey := vars["encryptionKey"]
|
||||
|
||||
h.logger.Debug("parsing multipart form")
|
||||
err := r.ParseMultipartForm(h.maxUploadSize)
|
||||
if err != nil {
|
||||
h.PageData.Err = err
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
password := r.FormValue("password")
|
||||
|
||||
note, err := h.db.Get(id)
|
||||
|
||||
if err != nil {
|
||||
h.PageData.Err = err
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if note == nil {
|
||||
h.PageData.Err = fmt.Errorf("note doesn't exist or has been deleted")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
||||
h.PageData.Err = fmt.Errorf("invalid password")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
|
||||
if encryptionKey != "" && note.Encrypted {
|
||||
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
||||
if err != nil {
|
||||
h.PageData.Err = fmt.Errorf("could not decrypt note")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
h.PageData.Note = note
|
||||
|
||||
h.logger.Debug("rendering encrypted note web page")
|
||||
h.Templates.ExecuteTemplate(w, templateName, h.PageData)
|
||||
}
|
||||
|
||||
type ClientsHandler struct {
|
||||
Templates *template.Template
|
||||
PageData PageData
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue