feat: add env-based configuration and token-in-cookie auth
Implement 12-factor configuration via environment variables and token-in-cookie authentication for Gitea API access. - internal/config/config.go: reads GITEA_URL, GITEA_TOKEN, LISTEN_ADDR, SESSION_SECRET from environment with validation - internal/auth/cookie.go: HMAC-signed HTTP-only cookie for storing Gitea API tokens (Secure, SameSite=Strict) - internal/middleware/auth.go: extracts token from cookie, injects into request context, redirects unauthenticated users to /settings - internal/middleware/logging.go: structured JSON request logging - internal/handlers/settings.go: settings page for entering/removing Gitea API token with mobile-first dark UI - cmd/server/main.go: integrated config, auth middleware, and settings Includes unit tests for config loading, cookie signing/verification, and auth middleware bypass/redirect logic. Closes leeworks-agents/gitea-mobile#2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
agent-company
@@ -0,0 +1,177 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/auth"
|
||||
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/middleware"
|
||||
)
|
||||
|
||||
var settingsTemplate = template.Must(template.New("settings").Parse(`<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
|
||||
<title>Settings — Gitea Mobile</title>
|
||||
<style>
|
||||
* { box-sizing: border-box; margin: 0; padding: 0; }
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
|
||||
background: #0d1117; color: #e6edf3;
|
||||
padding: 1rem;
|
||||
padding-top: max(1rem, env(safe-area-inset-top));
|
||||
}
|
||||
h1 { font-size: 1.5rem; margin-bottom: 1rem; }
|
||||
.card {
|
||||
background: #161b22; border: 1px solid #30363d; border-radius: 8px;
|
||||
padding: 1rem; margin-bottom: 1rem;
|
||||
}
|
||||
label { display: block; font-size: 0.875rem; color: #8b949e; margin-bottom: 0.5rem; }
|
||||
input[type="text"], input[type="password"] {
|
||||
width: 100%; padding: 0.5rem; font-size: 1rem;
|
||||
background: #0d1117; border: 1px solid #30363d; border-radius: 6px;
|
||||
color: #e6edf3; margin-bottom: 1rem;
|
||||
}
|
||||
input:focus { outline: none; border-color: #58a6ff; }
|
||||
button {
|
||||
width: 100%; padding: 0.75rem; font-size: 1rem; font-weight: 600;
|
||||
background: #238636; color: #fff; border: none; border-radius: 6px;
|
||||
cursor: pointer;
|
||||
}
|
||||
button:active { background: #2ea043; }
|
||||
.message {
|
||||
padding: 0.75rem; border-radius: 6px; margin-bottom: 1rem;
|
||||
font-size: 0.875rem;
|
||||
}
|
||||
.message.success { background: #0d2818; border: 1px solid #238636; color: #3fb950; }
|
||||
.message.error { background: #2d1117; border: 1px solid #da3633; color: #f85149; }
|
||||
.message.info { background: #0c1d2e; border: 1px solid #1f6feb; color: #58a6ff; }
|
||||
.hint { font-size: 0.75rem; color: #8b949e; margin-top: 0.25rem; margin-bottom: 1rem; }
|
||||
.status { font-size: 0.875rem; color: #8b949e; }
|
||||
.status .connected { color: #3fb950; }
|
||||
.logout-btn {
|
||||
background: #21262d; border: 1px solid #30363d; margin-top: 0.5rem;
|
||||
}
|
||||
.logout-btn:active { background: #30363d; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Settings</h1>
|
||||
|
||||
{{if .Message}}
|
||||
<div class="message {{.MessageType}}">{{.Message}}</div>
|
||||
{{end}}
|
||||
|
||||
{{if .HasToken}}
|
||||
<div class="card">
|
||||
<p class="status">Status: <span class="connected">Connected</span></p>
|
||||
<p class="hint">A Gitea API token is configured.</p>
|
||||
<form method="POST" action="/settings">
|
||||
<input type="hidden" name="action" value="logout">
|
||||
<button type="submit" class="logout-btn">Remove Token</button>
|
||||
</form>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
<div class="card">
|
||||
<form method="POST" action="/settings">
|
||||
<input type="hidden" name="action" value="save">
|
||||
<label for="token">Gitea API Token</label>
|
||||
<input type="password" id="token" name="token" placeholder="Enter your Gitea API token" required>
|
||||
<p class="hint">Generate a token at your Gitea instance under Settings → Applications.</p>
|
||||
<button type="submit">{{if .HasToken}}Update Token{{else}}Save Token{{end}}</button>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
{{if .HasToken}}
|
||||
<p style="text-align:center; margin-top:1rem;">
|
||||
<a href="/" style="color:#58a6ff; text-decoration:none;">Back to Dashboard</a>
|
||||
</p>
|
||||
{{end}}
|
||||
</body>
|
||||
</html>`))
|
||||
|
||||
// SettingsHandler handles GET and POST requests for the settings page.
|
||||
type SettingsHandler struct {
|
||||
SessionSecret string
|
||||
SecureCookies bool
|
||||
}
|
||||
|
||||
type settingsData struct {
|
||||
HasToken bool
|
||||
Message string
|
||||
MessageType string // "success", "error", "info"
|
||||
}
|
||||
|
||||
// ServeHTTP handles the settings page.
|
||||
func (h *SettingsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
switch r.Method {
|
||||
case http.MethodGet:
|
||||
h.handleGet(w, r)
|
||||
case http.MethodPost:
|
||||
h.handlePost(w, r)
|
||||
default:
|
||||
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
||||
}
|
||||
}
|
||||
|
||||
func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
|
||||
hasToken := false
|
||||
if token := middleware.TokenFromContext(r.Context()); token != "" {
|
||||
hasToken = true
|
||||
} else if _, err := auth.GetToken(r, h.SessionSecret); err == nil {
|
||||
hasToken = true
|
||||
}
|
||||
|
||||
data := settingsData{HasToken: hasToken}
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
settingsTemplate.Execute(w, data)
|
||||
}
|
||||
|
||||
func (h *SettingsHandler) handlePost(w http.ResponseWriter, r *http.Request) {
|
||||
if err := r.ParseForm(); err != nil {
|
||||
h.renderWithMessage(w, r, "Failed to parse form.", "error")
|
||||
return
|
||||
}
|
||||
|
||||
action := r.FormValue("action")
|
||||
|
||||
switch action {
|
||||
case "logout":
|
||||
auth.ClearTokenCookie(w, h.SecureCookies)
|
||||
h.renderWithMessage(w, r, "Token removed successfully.", "success")
|
||||
return
|
||||
|
||||
case "save":
|
||||
token := strings.TrimSpace(r.FormValue("token"))
|
||||
if token == "" {
|
||||
h.renderWithMessage(w, r, "Token cannot be empty.", "error")
|
||||
return
|
||||
}
|
||||
|
||||
auth.SetTokenCookie(w, token, h.SessionSecret, h.SecureCookies)
|
||||
// After saving, redirect to dashboard.
|
||||
http.Redirect(w, r, "/", http.StatusSeeOther)
|
||||
return
|
||||
|
||||
default:
|
||||
h.renderWithMessage(w, r, "Unknown action.", "error")
|
||||
}
|
||||
}
|
||||
|
||||
func (h *SettingsHandler) renderWithMessage(w http.ResponseWriter, r *http.Request, msg, msgType string) {
|
||||
hasToken := false
|
||||
if _, err := auth.GetToken(r, h.SessionSecret); err == nil {
|
||||
hasToken = true
|
||||
}
|
||||
|
||||
data := settingsData{
|
||||
HasToken: hasToken,
|
||||
Message: msg,
|
||||
MessageType: msgType,
|
||||
}
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
settingsTemplate.Execute(w, data)
|
||||
}
|
||||
Reference in New Issue
Block a user