work on asoul-sig#11

README.md

@@ -4,7 +4,7 @@
 
 Peach is a web server for multi-language, real-time synchronization and searchable documentation.
 
-#### Current version: 0.8.3
+#### Current version: 0.9.0
 
 ## Getting Help
 

cmd/web.go

@@ -69,7 +69,7 @@ func runWeb(ctx *cli.Context) {
 	m.Get("/", routers.Home)
 	m.Get("/docs", routers.Docs)
 	m.Get("/docs/images/*", routers.DocsStatic)
-	m.Get("/docs/*", routers.Docs)
+	m.Get("/docs/*", routers.Protect, routers.Docs)
 	m.Post("/hook", routers.Hook)
 	m.Get("/search", routers.Search)
 	m.Get("/*", routers.Pages)

models/doc.go

@@ -15,6 +15,8 @@
 package models
 
 import (
+	"os"
+
 	"github.com/Unknwon/com"
 	"github.com/Unknwon/log"
 
@@ -53,3 +55,15 @@ func initDocs(tocs map[string]*Toc, localRoot string) {
 		initLangDocs(tocs, localRoot, lang)
 	}
 }
+
+func NewContext() {
+	if com.IsExist(HTMLRoot) {
+		if err := os.RemoveAll(HTMLRoot); err != nil {
+			log.Fatal("Fail to clean up HTMLRoot: %v", err)
+		}
+	}
+
+	if err := ReloadDocs(); err != nil {
+		log.Fatal("Fail to init docs: %v", err)
+	}
+}

models/protect.go

@@ -0,0 +1,72 @@
+// Copyright 2015 Unknwon
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package models
+
+import (
+	"fmt"
+	"path"
+	"strings"
+	"sync"
+
+	"github.com/Unknwon/com"
+	"gopkg.in/ini.v1"
+)
+
+type protector struct {
+	lock          sync.Mutex
+	HasProtection bool
+	Users         map[string]string
+	Resources     map[string]map[string]bool
+}
+
+var (
+	Protector = &protector{
+		Users:     make(map[string]string),
+		Resources: make(map[string]map[string]bool),
+	}
+)
+
+func reloadProtects(localRoot string) error {
+	Protector.lock.Lock()
+	defer Protector.lock.Unlock()
+
+	protectPath := path.Join(localRoot, "protect.ini")
+	if !com.IsFile(protectPath) {
+		return nil
+	}
+
+	Protector.HasProtection = true
+
+	cfgs, err := ini.Load(protectPath)
+	if err != nil {
+		return fmt.Errorf("Fail to load protect.ini: %v", err)
+	}
+
+	for _, k := range cfgs.Section("user").Keys() {
+		Protector.Users[k.Name()] = strings.ToLower(k.Value())
+	}
+
+	fmt.Println("\nProtected Resources:")
+	for _, k := range cfgs.Section("auth").Keys() {
+		fmt.Println("➜ ", k.Name())
+		Protector.Resources[k.Name()] = make(map[string]bool)
+		for _, name := range k.Strings(",") {
+			fmt.Println("    ✓ ", name)
+			Protector.Resources[k.Name()][name] = true
+		}
+	}
+
+	return nil
+}

models/toc.go

@@ -27,7 +27,6 @@ import (
 	"unicode/utf8"
 
 	"github.com/Unknwon/com"
-	"github.com/Unknwon/log"
 	"github.com/mschoch/blackfriday-text"
 	"github.com/russross/blackfriday"
 	"gopkg.in/ini.v1"
@@ -251,7 +250,7 @@ func (t *Toc) Search(q string) []*SearchResult {
 }
 
 var (
-	tocLocker = sync.RWMutex{}
+	tocLocker = sync.Mutex{}
 	Tocs      map[string]*Toc
 )
 
@@ -369,17 +368,5 @@ func ReloadDocs() error {
 	}
 	initDocs(tocs, localRoot)
 	Tocs = tocs
-	return nil
-}
-
-func NewContext() {
-	if com.IsExist(HTMLRoot) {
-		if err := os.RemoveAll(HTMLRoot); err != nil {
-			log.Fatal("Fail to clean up HTMLRoot: %v", err)
-		}
-	}
-
-	if err := ReloadDocs(); err != nil {
-		log.Fatal("Fail to init docs: %v", err)
-	}
+	return reloadProtects(localRoot)
 }

peach.go

@@ -25,7 +25,7 @@ import (
 	"github.com/peachdocs/peach/modules/setting"
 )
 
-const APP_VER = "0.8.3.1116"
+const APP_VER = "0.9.0.1123"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

public/config.codekit

@@ -1,6 +1,6 @@
 {
 "CodeKitInfo": "This is a CodeKit 2.x project configuration file. It is designed to sync project settings across multiple machines. MODIFYING THE CONTENTS OF THIS FILE IS A POOR LIFE DECISION. If you do so, you will likely cause CodeKit to crash. This file is not useful unless accompanied by the project that created it in CodeKit 2. This file is not backwards-compatible with CodeKit 1.x. For more information, see: http:\/\/incident57.com\/codekit",
-"creatorBuild": "19076",
+"creatorBuild": "19102",
 "files": {
 	"\/css\/highlight-8.7\/default.css": {
 		"fileType": 16,
@@ -9949,10 +9949,18 @@
 			"active": 0,
 			"flagValue": -1
 			},
+		"no_nested_string_interpolation": {
+			"active": 1,
+			"flagValue": -1
+			},
 		"no_plusplus": {
 			"active": 0,
 			"flagValue": -1
 			},
+		"no_private_function_fat_arrows": {
+			"active": 1,
+			"flagValue": -1
+			},
 		"no_stand_alone_at": {
 			"active": 1,
 			"flagValue": -1
@@ -9961,6 +9969,10 @@
 			"active": 1,
 			"flagValue": -1
 			},
+		"no_this": {
+			"active": 0,
+			"flagValue": -1
+			},
 		"no_throwing_strings": {
 			"active": 1,
 			"flagValue": -1

routers/protect.go

@@ -0,0 +1,89 @@
+// Copyright 2015 Unknwon
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package routers
+
+import (
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"strings"
+
+	"github.com/peachdocs/peach/models"
+	"github.com/peachdocs/peach/modules/middleware"
+)
+
+func authRequired(ctx *middleware.Context) {
+	ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
+	ctx.Error(401)
+}
+
+func basicAuthDecode(encoded string) (string, string, error) {
+	s, err := base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return "", "", err
+	}
+
+	auth := strings.SplitN(string(s), ":", 2)
+	return auth[0], auth[1], nil
+}
+
+func encodeMd5(str string) string {
+	m := md5.New()
+	m.Write([]byte(str))
+	return hex.EncodeToString(m.Sum(nil))
+}
+
+func Protect(ctx *middleware.Context) {
+	if !models.Protector.HasProtection {
+		return
+	}
+
+	// Check if resource is protected.
+	allows, yes := models.Protector.Resources[strings.TrimPrefix(ctx.Req.URL.Path, "/docs/")]
+	if !yes {
+		return
+	}
+
+	// Check if auth is presented.
+	authHead := ctx.Req.Header.Get("Authorization")
+	if len(authHead) == 0 {
+		authRequired(ctx)
+		return
+	}
+
+	auths := strings.Fields(authHead)
+	if len(auths) != 2 || auths[0] != "Basic" {
+		ctx.Error(401)
+		return
+	}
+
+	uname, passwd, err := basicAuthDecode(auths[1])
+	if err != nil {
+		ctx.Error(401)
+		return
+	}
+
+	// Check if auth is valid.
+	if models.Protector.Users[uname] != encodeMd5(passwd) {
+		ctx.Error(401)
+		return
+	}
+
+	// Check if user has access to the resource.
+	if !allows[uname] {
+		ctx.Error(403)
+		return
+	}
+}