|
|
|
@ -14,6 +14,7 @@ import ( |
|
|
|
|
|
|
|
"github.com/gorilla/mux" |
|
|
|
"github.com/gorilla/sessions" |
|
|
|
"golang.org/x/crypto/bcrypt" |
|
|
|
) |
|
|
|
|
|
|
|
func CheckAuth(w http.ResponseWriter, r *http.Request) bool { |
|
|
|
@ -107,6 +108,21 @@ func AdminView(w http.ResponseWriter, r *http.Request) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func comparePasswords(hashedPwd, plainPwd string) bool { |
|
|
|
var ( |
|
|
|
e error |
|
|
|
) |
|
|
|
e = bcrypt.CompareHashAndPassword( |
|
|
|
[]byte(hashedPwd), |
|
|
|
[]byte(plainPwd), |
|
|
|
) |
|
|
|
if e != nil { |
|
|
|
return false |
|
|
|
} |
|
|
|
|
|
|
|
return true |
|
|
|
} |
|
|
|
|
|
|
|
func AdminLogin(w http.ResponseWriter, r *http.Request) { |
|
|
|
var ( |
|
|
|
session *sessions.Session |
|
|
|
@ -154,7 +170,7 @@ func AdminLogin(w http.ResponseWriter, r *http.Request) { |
|
|
|
username = r.FormValue("username") |
|
|
|
password = r.FormValue("password") |
|
|
|
|
|
|
|
if username != Variables.AdminPassword && password != Variables.AdminPassword { |
|
|
|
if username != Variables.AdminPassword && !comparePasswords(Variables.AdminPassword, password) { |
|
|
|
session.AddFlash("Invalid Username or Password") |
|
|
|
e = session.Save(r, w) |
|
|
|
if e != nil { |
|
|
|
|
Tovi Jaeschke-Rogers
3 years ago