refactoring and cleanups

ajmandourah · Oct 16, 2024 · 96548d9 · 96548d9
1 parent e43f60f
commit 96548d9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 24 deletions.
diff --git a/main.go b/main.go
@@ -10,7 +10,6 @@ import (
 	"os"
 	"os/signal"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/ajmandourah/tinshop-ng/api"
@@ -23,7 +22,6 @@ import (
 	"github.com/ajmandourah/tinshop-ng/utils"
 	"github.com/goji/httpauth"
 	"github.com/gorilla/mux"
-	"golang.org/x/crypto/bcrypt"
 )
 
 //go:embed assets/*
@@ -105,10 +103,13 @@ func createShop() TinShop {
 	r.HandleFunc("/games/{game}", shop.GamesHandler)
 	r.NotFoundHandler = http.HandlerFunc(notFound)
 	r.MethodNotAllowedHandler = http.HandlerFunc(notAllowed)
-	// r.Use(shop.StatsMiddleware)
+
 
-	authRoute.Use(httpauth.BasicAuth(authOpts))
+	if len(shop.Shop.Config.Get_Httpauth()) != 0 {
+		authRoute.Use(httpauth.BasicAuth(authOpts))
+	}
 
+	// r.Use(shop.StatsMiddleware)
 	r.Use(shop.TinfoilMiddleware)
 	r.Use(shop.CORSMiddleware)
 	http.Handle("/", r)
@@ -266,19 +267,3 @@ func (s *TinShop) StatsMiddleware(next http.Handler) http.Handler {
 	})
 }
 
-// HttpAuthCheck function checks for correct credentials
-func HttpAuthCheck(user ,pass string, r *http.Request) bool {
-	for _,cred := range creds {
-		splitted := strings.Split(cred,":")
-		if splitted[0] == user {
-			err := bcrypt.CompareHashAndPassword([]byte(splitted[1]),[]byte(pass))
-			if err == nil {
-				return true
-			}
-
-		}
-	}
-	log.Println("An attempt to access the shop with username: ", user)
-	return false
-
-}
diff --git a/security.go b/security.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/ajmandourah/tinshop-ng/utils"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // CORSMiddleware is a middleware to ensure right CORS headers
@@ -38,16 +39,14 @@ func (s *TinShop) TinfoilMiddleware(next http.Handler) http.Handler {
 			return
 		}
 
-		log.Println(s.Shop.Config.Get_Hauth())
-
 		//Show Hauth for the specefied host
 		//tinfoil sends requests appending "/" at the end
 		if r.RequestURI == "/hauth/" && r.Header.Get("Hauth") != "" {
 			log.Println("HAUTH for ", s.Shop.Config.Host(), " is: ", headers["Hauth"])
 			return
 		}
-
-		if r.RequestURI == "/" || utils.IsValidFilter(cleanPath(r.RequestURI)) {
+		if r.RequestURI == "/" || utils.IsValidFilter(cleanPath(r.RequestURI)) || strings.Contains(r.RequestURI,"/games/") {
+
 			// Check for blacklist/whitelist
 			var uid = strings.Join(headers["Uid"], "")
 			if s.Shop.Config.IsBlacklisted(uid) {
@@ -126,3 +125,20 @@ func cleanPath(path string) string {
 	}
 	return actualPath
 }
+
+// HttpAuthCheck function checks for correct credentials
+func HttpAuthCheck(user ,pass string, r *http.Request) bool {
+	for _,cred := range creds {
+		splitted := strings.Split(cred,":")
+		if splitted[0] == user {
+			err := bcrypt.CompareHashAndPassword([]byte(splitted[1]),[]byte(pass))
+			if err == nil {
+				return true
+			}
+
+		}
+	}
+	log.Println("An attempt to access the shop with username: ", user)
+	return false
+
+}