package main
import (
	crand "crypto/rand"
	"encoding/json"
	"fmt"
	"math/big"
	"math/rand"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"

	jwt "github.com/dgrijalva/jwt-go"
	"github.com/gorilla/mux"
	"github.com/rs/cors"
)
// Twilio account settings used by sendSMS.
//
// NOTE(review): the SID and token below appear to be placeholders. Real
// credentials should be injected at deploy time (environment or a secret
// store) rather than committed to source, where they end up in history,
// forks and build artifacts.
var (
	accountSid = "ACXXXX"
	authToken  = "XXXXXX"

	// TwilioAPI is the Messages endpoint for accountSid.
	TwilioAPI = "https://api.twilio.com/2010-04-01/Accounts/" + accountSid + "/Messages.json"
)
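// sendSMS posts a one-time code to number through the Twilio Messages API.
//
// It authenticates with accountSid/authToken over HTTP basic auth and prints
// the message SID on success, or the HTTP status / error otherwise. Neither
// the code nor the phone number is written to the log.
//
// Reference: https://www.twilio.com/blog/2017/09/send-text-messages-golang.html
func sendSMS(number string, code string) {
	msgData := url.Values{}
	msgData.Set("To", number)
	msgData.Set("From", "13371337")
	msgData.Set("Body", "Your one time code is "+code)

	req, err := http.NewRequest("POST", TwilioAPI, strings.NewReader(msgData.Encode()))
	if err != nil {
		fmt.Println("sendSMS: building request:", err)
		return
	}
	req.SetBasicAuth(accountSid, authToken)
	req.Header.Add("Accept", "application/json")
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	// A bounded client keeps a stalled upstream from pinning the caller.
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		// resp is nil here; dereferencing it would panic.
		fmt.Println("sendSMS: sending request:", err)
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		fmt.Println(resp.Status)
		return
	}

	var data map[string]interface{}
	if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
		fmt.Println("sendSMS: decoding response:", err)
		return
	}
	fmt.Println(data["sid"])
}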
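// GenerateCodeHandler issues a fresh six-digit one-time code and stores it in
// a signed JWT carried by the "mfa_auth" cookie. The response body is "{}".
//
// The code is drawn from crypto/rand over the full 000000-999999 range; a
// seeded math/rand stream is reproducible and must not back authentication
// codes.
//
// NOTE(review): JWT claims are signed, not encrypted. Whoever holds this
// cookie can decode the payload, so the code is visible to the same client
// that is supposed to prove it received it out of band. Keep the code
// server-side (or store only a keyed digest of it) before relying on this
// flow as a second factor.
//
// TODO: the code is not yet delivered to the user; sendSMS is never called
// and the /generate_code route carries no phone number.
var GenerateCodeHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	n, err := crand.Int(crand.Reader, big.NewInt(1000000))
	if err != nil {
		http.Error(w, "{\"result\":\"fail\"}", http.StatusInternalServerError)
		return
	}
	code := fmt.Sprintf("%06d", n.Int64())

	// One expiry for both the cookie and the token, so a verifier that
	// validates the token can reject it once the cookie would have lapsed.
	// NOTE(review): a day is long for a one-time code; consider minutes.
	expires := time.Now().AddDate(0, 0, 1)

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"code": code,
		"exp":  expires.Unix(),
	})
	tokenString, err := token.SignedString(Secret)
	if err != nil {
		// Never hand out a cookie with an empty or partial token.
		http.Error(w, "{\"result\":\"fail\"}", http.StatusInternalServerError)
		return
	}

	http.SetCookie(w, &http.Cookie{
		Name:    "mfa_auth",
		Value:   tokenString,
		Expires: expires,
		// Page scripts have no need to read this cookie.
		HttpOnly: true,
		// Mark Secure whenever this server terminates TLS itself. Behind a
		// TLS-terminating proxy r.TLS is nil, so set this unconditionally
		// there.
		Secure: r.TLS != nil,
	})
	w.Write([]byte("{}"))
})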
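// StatusHandler reports the process start time as JSON.
//
// Secret must never appear in this response: a disclosed HMAC key lets any
// caller mint tokens that pass signature verification.
//
// NOTE(review): StartTime is also the value main passes to rand.Seed. Confirm
// nothing security-relevant is derived from math/rand before exposing it to
// unauthenticated callers, or drop the field.
var StatusHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte("{\"startime\":\"" + strconv.FormatInt(StartTime, 10) + "\"}"))
})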
// OkHandler answers with an empty 200 response labelled as JSON.
// It writes no body; only the Content-Type header is set.
var OkHandler = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
	hdr := w.Header()
	hdr.Set("Content-Type", "application/json")
})
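// VerifyCodeHandler compares the {code} path variable with the "code" claim
// of the JWT in the "mfa_auth" cookie. It answers {"result":"success"} on a
// match and 401 {"result":"fail"} in every other case.
//
// The token is trusted only after jwt.Parse succeeds and reports it valid.
// Ignoring the parse error would accept claims from a token whose signature
// does not verify, and would dereference a nil token when the cookie is
// malformed.
//
// NOTE(review): nothing here limits the number of attempts per token, and the
// submitted code travels in the URL path, which commonly ends up in access
// logs. Consider an attempt counter and moving the code into the request body.
var VerifyCodeHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	cookie, err := r.Cookie("mfa_auth")
	if err != nil {
		http.Error(w, "{\"result\":\"fail\"}", 401)
		return
	}

	token, err := jwt.Parse(cookie.Value, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm to the one used when issuing the token, so the
		// header cannot select a different verification method.
		if token.Method.Alg() != jwt.SigningMethodHS256.Alg() {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return Secret, nil
	})
	if err != nil || token == nil || !token.Valid {
		http.Error(w, "{\"result\":\"fail\"}", 401)
		return
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		http.Error(w, "{\"result\":\"fail\"}", 401)
		return
	}

	// A missing, empty or non-string claim can never match.
	want, ok := claims["code"].(string)
	if !ok || want == "" || want != mux.Vars(r)["code"] {
		http.Error(w, "{\"result\":\"fail\"}", 401)
		return
	}

	w.Write([]byte("{\"result\":\"success\"}"))
})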
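// StartTime is the Unix time (seconds) at which the process started.
var StartTime = time.Now().Unix()

// Secret is the HMAC key used to sign and verify the mfa_auth JWT.
//
// It is generated from crypto/rand at startup instead of being a short
// constant in source: a fixed, guessable key lets anyone who reads the code
// or guesses the value mint tokens that verify. Tokens therefore do not
// survive a restart. When several instances must share tokens, load one key
// of at least this length from a secret store instead.
var Secret = newSigningKey()

// newSigningKey returns 32 random bytes for use as an HS256 key.
// It panics if the system random source fails, since running with a
// predictable key would be worse than not starting.
func newSigningKey() []byte {
	key := make([]byte, 32)
	if _, err := crand.Read(key); err != nil {
		panic("generating signing key: " + err.Error())
	}
	return key
}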
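// main wires the routes, wraps them in the CORS middleware and serves plain
// HTTP on 0.0.0.0:8080.
func main() {
	// Seeds math/rand from the process start time. That makes the generator's
	// output reproducible by anyone who knows the start time, so math/rand
	// must not be used to produce codes, keys or tokens.
	rand.Seed(StartTime)

	router := mux.NewRouter()
	router.HandleFunc("/generate_code", GenerateCodeHandler)
	router.HandleFunc("/verify_code/{code}", VerifyCodeHandler)
	router.HandleFunc("/_status", StatusHandler)
	router.HandleFunc("/", OkHandler)

	// NOTE(review): credentials are allowed but no AllowedOrigins list is
	// given. Confirm how the pinned rs/cors version treats that combination
	// and list the trusted front-end origins explicitly.
	corsMiddleware := cors.New(cors.Options{
		AllowCredentials: true,
		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE"},
	})

	// Explicit timeouts keep slow or idle clients from holding connections
	// open indefinitely.
	// NOTE(review): this listener is plain HTTP on all interfaces; the
	// mfa_auth cookie travels in cleartext unless TLS is terminated in front.
	srv := &http.Server{
		Addr:              "0.0.0.0:8080",
		Handler:           corsMiddleware.Handler(router),
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      15 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	if err := srv.ListenAndServe(); err != nil {
		// Surface bind/serve failures instead of exiting silently.
		fmt.Println(err)
	}
}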