feat: add env-based configuration and token-in-cookie auth
Implement 12-factor configuration via environment variables and token-in-cookie authentication for Gitea API access. - internal/config/config.go: reads GITEA_URL, GITEA_TOKEN, LISTEN_ADDR, SESSION_SECRET from environment with validation - internal/auth/cookie.go: HMAC-signed HTTP-only cookie for storing Gitea API tokens (Secure, SameSite=Strict) - internal/middleware/auth.go: extracts token from cookie, injects into request context, redirects unauthenticated users to /settings - internal/middleware/logging.go: structured JSON request logging - internal/handlers/settings.go: settings page for entering/removing Gitea API token with mobile-first dark UI - cmd/server/main.go: integrated config, auth middleware, and settings Includes unit tests for config loading, cookie signing/verification, and auth middleware bypass/redirect logic. Closes leeworks-agents/gitea-mobile#2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
agent-company
+38
-6
@@ -3,30 +3,62 @@ package main
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/config"
|
||||
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/handlers"
|
||||
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
|
||||
)
|
||||
|
||||
func main() {
|
||||
addr := os.Getenv("LISTEN_ADDR")
|
||||
if addr == "" {
|
||||
addr = ":8080"
|
||||
// Set up structured logging.
|
||||
slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
|
||||
Level: slog.LevelInfo,
|
||||
})))
|
||||
|
||||
cfg, err := config.Load()
|
||||
if err != nil {
|
||||
log.Fatalf("configuration error: %v", err)
|
||||
}
|
||||
|
||||
// Determine if cookies should be marked Secure (disable for local dev).
|
||||
secureCookies := !strings.HasPrefix(cfg.ListenAddr, "localhost") &&
|
||||
!strings.HasPrefix(cfg.ListenAddr, "127.0.0.1")
|
||||
|
||||
mux := http.NewServeMux()
|
||||
|
||||
// Health endpoint (no auth required).
|
||||
mux.HandleFunc("GET /health", func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
fmt.Fprintln(w, "ok")
|
||||
})
|
||||
|
||||
// Settings handler.
|
||||
settingsHandler := &handlers.SettingsHandler{
|
||||
SessionSecret: cfg.SessionSecret,
|
||||
SecureCookies: secureCookies,
|
||||
}
|
||||
mux.HandleFunc("/settings", settingsHandler.ServeHTTP)
|
||||
|
||||
// Static file server.
|
||||
mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
|
||||
|
||||
// Placeholder dashboard (will be replaced in issue #4/#5).
|
||||
mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
fmt.Fprintln(w, "<h1>Gitea Mobile</h1><p>Coming soon.</p>")
|
||||
fmt.Fprintln(w, "<h1>Gitea Mobile</h1><p>Dashboard coming soon.</p>")
|
||||
})
|
||||
|
||||
log.Printf("listening on %s", addr)
|
||||
if err := http.ListenAndServe(addr, mux); err != nil {
|
||||
// Apply middleware chain: logging -> auth.
|
||||
var handler http.Handler = mux
|
||||
handler = middleware.Auth(cfg.SessionSecret)(handler)
|
||||
handler = middleware.Logging()(handler)
|
||||
|
||||
slog.Info("server starting", "addr", cfg.ListenAddr, "gitea_url", cfg.GiteaURL)
|
||||
if err := http.ListenAndServe(cfg.ListenAddr, handler); err != nil {
|
||||
log.Fatalf("server error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user