base repository: ifad/clammit
base: master
head repository: dBildungsplattform/clammit
compare: master
  • 6 commits
  • 3 files changed
  • 1 contributor

Commits on Aug 30, 2024

  1. Integrated auth

    dimapin committed Aug 30, 2024
    44a406f View commit details
  2. Merge pull request #1 from dBildungsplattform/integrate-auth

    Integrated auth
    dimapin authored Aug 30, 2024
    45fa323 View commit details

Commits on Sep 2, 2024

  1. Fixed if condition

    dimapin committed Sep 2, 2024
    e8942d0 View commit details
  2. Merge pull request #2 from dBildungsplattform/integrate-auth

    Fixed if condition
    dimapin authored Sep 2, 2024
    a9ccd68 View commit details
  3. Fixed authhandler

    dimapin committed Sep 2, 2024
    d65d4c8 View commit details
  4. Merge pull request #3 from dBildungsplattform/integrate-auth

    Fixed authhandler
    dimapin authored Sep 2, 2024
    60bb611 View commit details
Showing with 52 additions and 2 deletions.
  1. +1 −0 go.mod
  2. +2 −0 go.sum
  3. +49 −2 main.go
1 change: 1 addition & 0 deletions go.mod
@@ -4,6 +4,7 @@ go 1.21

require (
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/stretchr/testify v1.9.0
gopkg.in/gcfg.v1 v1.2.3
)
2 changes: 2 additions & 0 deletions go.sum
@@ -3,6 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e h1:rcHHSQqzCgvlwP0I/fQ8rQMn/MpHE5gWSLdtpxtP6KQ=
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e/go.mod h1:Byz7q8MSzSPkouskHJhX0er2mZY/m0Vj5bMeMCkkyY4=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
51 changes: 49 additions & 2 deletions main.go
@@ -23,6 +23,7 @@ import (
"strings"
"syscall"

"github.com/golang-jwt/jwt/v5"
"gopkg.in/gcfg.v1"
)

@@ -120,6 +121,8 @@ var ctx *Ctx
var configFile string
var EICAR = []byte(`X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`)

var secretKey = []byte("secret-key")

func init() {
flag.StringVar(&configFile, "config", "", "Configuration file")
}
@@ -144,7 +147,7 @@ func main() {
runtime.GOMAXPROCS(ctx.Config.App.NumThreads)

startLogging()

secretKey = []byte(getEnv("CLAMMIT_JWT_SECRET_KEY", "secret-key"))
/*
* Construct objects, validate the URLs
*/
@@ -164,7 +167,6 @@ func main() {
* Set up the HTTP server
*/
router := http.NewServeMux()

router.HandleFunc("/clammit", infoHandler)
router.HandleFunc("/clammit/scan", scanHandler)
router.HandleFunc("/clammit/readyz", readyzHandler)
@@ -231,6 +233,35 @@ func getBoolEnv(key string, fallback bool) bool {
return fallback
}

func getTokenFromCookie(w http.ResponseWriter, r *http.Request, cookieName string) (string, error) {
cookie, err := r.Cookie(cookieName)
if err != nil {
if err == http.ErrNoCookie {
w.WriteHeader(http.StatusUnauthorized)
return "", err
}
w.WriteHeader(http.StatusBadRequest)
return "", err
}

return cookie.Value, nil
}

func verifyToken(tokenString string) error {
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return secretKey, nil
})

if err != nil {
return err
}

if !token.Valid {
return fmt.Errorf("invalid token")
}
return nil
}

/*
* Sets the configuration from the file and environment variables
*/
@@ -374,6 +405,22 @@ func scanHandler(w http.ResponseWriter, req *http.Request) {
}
ctx.ActivityChan <- 1
defer func() { ctx.ActivityChan <- -1 }()
// Authentication logic
if string(secretKey) != "secret-key" {
cookieName := "jwt"
token, err := getTokenFromCookie(w, req, cookieName)
if err != nil {
log.Fatalf("Not authenticated")
w.WriteHeader(http.StatusUnauthorized)
return
}
err2 := verifyToken(token)
if err2 != nil {
log.Fatalf("Token not valid")
w.WriteHeader(http.StatusUnauthorized)
return
}
}

if !ctx.ScanInterceptor.Handle(w, req, req.Body) {
w.Write([]byte("No virus found"))
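Review bot: In the scanHandler hunk both failure branches call `log.Fatalf`, which logs and then exits the process, so a single request with a missing or invalid `jwt` cookie stops the whole scanning service and the `w.WriteHeader(http.StatusUnauthorized)` / `return` lines after it never run. Use a non-fatal call such as `log.Printf("Not authenticated: %v", err)` and drop the second `WriteHeader` in the first branch, since `getTokenFromCookie` has already written a status. Authentication is also skipped entirely while `secretKey` equals the built-in `"secret-key"` default, so an unset `CLAMMIT_JWT_SECRET_KEY` fails open without any log line; an explicit enable flag or a startup warning would make that state visible. In `verifyToken` the key function returns the HMAC secret for any token header; passing `jwt.WithValidMethods([]string{"HS256"})` (or whichever algorithm the issuer uses) to `jwt.Parse` pins the accepted algorithm. scanHandler's body starts and ends outside the hunk.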