sus/main.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	"github.com/go-redis/redis/v8"
	"github.com/gorilla/mux"
	"golang.org/x/net/context"
)

var client = redis.NewClient(&redis.Options{
	Addr:     "redis:6379",
	Password: "",
	DB:       0,
})

var SECRET string

func main() {
	r := mux.NewRouter()
	r.HandleFunc("/{shortlink}", shortlinkHandler)
	r.HandleFunc("/", indexHandler)

	listenAddress := "0.0.0.0:80"

	if p, ok := os.LookupEnv("LISTEN_ADDRESS"); ok {
		listenAddress = p
	}

	if p, ok := os.LookupEnv("SECRET"); ok {
		SECRET = p
	}

	log.Fatal(http.ListenAndServe(listenAddress, r))
}

func indexHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Println("indexHandler called")
	if r.Method != "POST" {
		http.Redirect(w, r, "http://alv.cx", 302)
		return
	}

	r.ParseForm()

	command := r.PostForm.Get("Command")
	shortlink := r.PostForm.Get("Shortlink")
	value := r.PostForm.Get("Value")
	fmt.Println(shortlink)
	fmt.Println(value)

	signature := r.Header.Get("Signature")
	calculatedSignature := fmt.Sprintf(
		"SUS-SIGNATURE-%v",
		getSha256HMACSignature(
			[]byte(SECRET),
			command+":"+shortlink+":"+value,
		),
	)

	if signature != calculatedSignature {
		fmt.Println("signature do no match")
		fmt.Println(signature)
		fmt.Println(calculatedSignature)
		w.WriteHeader(401)
		w.Write([]byte("401 Unauthorized"))
		return
	}

	if command == "create" {

		ctx := context.Background()
		_, err := client.Get(ctx, shortlink).Result()
		if err == redis.Nil {
			fmt.Printf("shortlink: %v, value: %v", shortlink, value)
			err = client.Set(ctx, shortlink, value, 0).Err()

			if err != nil {
				fmt.Println(err)
				w.WriteHeader(500)
				w.Write([]byte("500 Internal Server Error"))
				return
			}

			w.WriteHeader(200)
			w.Write([]byte("200 Success"))

			return

		} else if err != nil {
			fmt.Println(err)
			w.WriteHeader(500)
			w.Write([]byte("500 Internal Server Error"))
			return
		}

		fmt.Println(err)
		w.WriteHeader(403)
		w.Write([]byte("403 Forbidden"))
		return
	}

	if command == "delete" {
		if value != "confirm" {
			w.WriteHeader(400)
			w.Write([]byte("400 Bad Request"))
		}

		ctx := context.Background()
		if err := client.Del(ctx, shortlink).Err(); err != nil {
			w.WriteHeader(500)
			w.Write([]byte("500 Internal Server Error"))
		}
	}
}

func shortlinkHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Println("shortlinkHandler called")
	shortlink := string(mux.Vars(r)["shortlink"])
	ctx := context.Background()
	redirect, err := client.Get(ctx, shortlink).Result()
	fmt.Printf("shortlink: %v, redirect: %v\n", shortlink, redirect)
	if err == redis.Nil {
		w.WriteHeader(404)
		w.Write([]byte("404 Not Found"))
		return
	} else if err != nil {
		fmt.Println(err)
		w.WriteHeader(500)
		w.Write([]byte("500 Internal Server Error"))
		return
	}

	http.Redirect(w, r, redirect, 302)
	return
}

func getSha256HMACSignature(secret []byte, data string) string {
	h := hmac.New(sha256.New, secret)
	io.WriteString(h, data)
	return hex.EncodeToString(h.Sum(nil))
}
initial commit 2022-05-26 01:08:50 +00:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/hex"`
			`"fmt"`
			`"io"`
			`"log"`
			`"net/http"`
			`"os"`

			`"github.com/go-redis/redis/v8"`
			`"github.com/gorilla/mux"`
			`"golang.org/x/net/context"`
			`)`

			`var client = redis.NewClient(&redis.Options{`
			`Addr: "redis:6379",`
			`Password: "",`
			`DB: 0,`
			`})`

			`var SECRET string`

			`func main() {`
			`r := mux.NewRouter()`
			`r.HandleFunc("/{shortlink}", shortlinkHandler)`
			`r.HandleFunc("/", indexHandler)`

			`listenAddress := "0.0.0.0:80"`

			`if p, ok := os.LookupEnv("LISTEN_ADDRESS"); ok {`
			`listenAddress = p`
			`}`

			`if p, ok := os.LookupEnv("SECRET"); ok {`
			`SECRET = p`
			`}`

			`log.Fatal(http.ListenAndServe(listenAddress, r))`
			`}`

			`func indexHandler(w http.ResponseWriter, r *http.Request) {`
			`fmt.Println("indexHandler called")`
			`if r.Method != "POST" {`
			`http.Redirect(w, r, "http://alv.cx", 302)`
			`return`
			`}`

			`r.ParseForm()`

			`command := r.PostForm.Get("Command")`
			`shortlink := r.PostForm.Get("Shortlink")`
			`value := r.PostForm.Get("Value")`
			`fmt.Println(shortlink)`
			`fmt.Println(value)`

			`signature := r.Header.Get("Signature")`
			`calculatedSignature := fmt.Sprintf(`
			`"SUS-SIGNATURE-%v",`
			`getSha256HMACSignature(`
			`[]byte(SECRET),`
			`command+":"+shortlink+":"+value,`
			`),`
			`)`

			`if signature != calculatedSignature {`
			`fmt.Println("signature do no match")`
			`fmt.Println(signature)`
			`fmt.Println(calculatedSignature)`
			`w.WriteHeader(401)`
			`w.Write([]byte("401 Unauthorized"))`
			`return`
			`}`

			`if command == "create" {`

			`ctx := context.Background()`
			`_, err := client.Get(ctx, shortlink).Result()`
			`if err == redis.Nil {`
			`fmt.Printf("shortlink: %v, value: %v", shortlink, value)`
			`err = client.Set(ctx, shortlink, value, 0).Err()`

			`if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`w.WriteHeader(200)`
			`w.Write([]byte("200 Success"))`

			`return`

			`} else if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`fmt.Println(err)`
			`w.WriteHeader(403)`
			`w.Write([]byte("403 Forbidden"))`
			`return`
			`}`

			`if command == "delete" {`
			`if value != "confirm" {`
			`w.WriteHeader(400)`
			`w.Write([]byte("400 Bad Request"))`
			`}`

			`ctx := context.Background()`
			`if err := client.Del(ctx, shortlink).Err(); err != nil {`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`}`
			`}`
			`}`

			`func shortlinkHandler(w http.ResponseWriter, r *http.Request) {`
			`fmt.Println("shortlinkHandler called")`
			`shortlink := string(mux.Vars(r)["shortlink"])`
			`ctx := context.Background()`
			`redirect, err := client.Get(ctx, shortlink).Result()`
			`fmt.Printf("shortlink: %v, redirect: %v\n", shortlink, redirect)`
			`if err == redis.Nil {`
			`w.WriteHeader(404)`
			`w.Write([]byte("404 Not Found"))`
			`return`
			`} else if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`http.Redirect(w, r, redirect, 302)`
			`return`
			`}`

			`func getSha256HMACSignature(secret []byte, data string) string {`
			`h := hmac.New(sha256.New, secret)`
			`io.WriteString(h, data)`
			`return hex.EncodeToString(h.Sum(nil))`
			`}`