From e1ee647767ed096b74ad23768179763cb1ebf4a3 Mon Sep 17 00:00:00 2001
From: Bel LaPointe
Date: Tue, 12 May 2020 06:31:16 -0600
Subject: [PATCH] stupid basic auth
---
 cookie.go | 23 +++++++++++++++++++++++
 pool.go | 1 +
 public/index.html | 2 +-
 server.go | 33 +++++++++++++++++++++++++++++----
 ws.go | 3 +--
 5 files changed, 55 insertions(+), 7 deletions(-)
 create mode 100644 cookie.go
diff --git a/cookie.go b/cookie.go
new file mode 100644
index 0000000..26f974e
--- /dev/null
+++ b/cookie.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+ "net/http"
+ "time"
+)
+
+func getCookie(r *http.Request, k string) string {
+ c, err := r.Cookie(k)
+ if err != nil {
+ return ""
+ }
+ return c.Value
+}
+
+func setCookie(w *http.ResponseWriter, k, v string) {
+ http.SetCookie(*w, &http.Cookie{
+ Name: k,
+ Value: v,
+ MaxAge: int(time.Now().Unix() + int64(60*60*24)),
+ Secure: true,
+ })
+}
diff --git a/pool.go b/pool.go
index 5bbf81c..25bb37e 100644
--- a/pool.go
+++ b/pool.go
@@ -19,6 +19,7 @@ func NewPool() *Pool {
 }
 
 func (p *Pool) Broadcast(mt int, r io.Reader) error {
+ // io.MultiWriter exists but I like this
 b, err := ioutil.ReadAll(r)
 if err != nil {
 return err
diff --git a/public/index.html b/public/index.html
index 3f7823a..eba1285 100755
--- a/public/index.html
+++ b/public/index.html
@@ -18,7 +18,7 @@
 border: 1px solid black;
 display: inline-block;
 }
- #preview { display: none; }
+ #preview { display: block; max-width: 150px; position: absolute; top: 0; right: 0; z-index: 1; }
diff --git a/server.go b/server.go
index 2c691d7..af89d20 100644
--- a/server.go
+++ b/server.go
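Review bot: In cookie.go, setCookie passes an absolute Unix timestamp as `MaxAge`, but `http.Cookie.MaxAge` is a lifetime in seconds, so `int(time.Now().Unix() + int64(60*60*24))` keeps the cookie for decades instead of one day; `MaxAge: 60 * 60 * 24,` gives the day the arithmetic appears to intend. The cookie is marked `Secure` but sets neither `HttpOnly: true` nor `SameSite: http.SameSiteLaxMode`, which matters if it carries the `id` that ws.go reads through getCookie; no call to setCookie appears in this patch, so that use is an assumption. Taking `w *http.ResponseWriter` is also unusual, since the interface value can be passed directly as `w http.ResponseWriter`.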
@@ -1,26 +1,39 @@
 package main
 
 import (
+ "fmt"
 "log"
 "net/http"
 "os"
 "path"
+ "time"
+
+ "github.com/google/uuid"
+ "golang.org/x/time/rate"
 )
 
 type Server struct {
- fs http.Handler
- ws *WS
+ fs http.Handler
+ ws *WS
+ limiter *rate.Limiter
+ uuid string
 }
 
 func New() *Server {
 fs := http.FileServer(http.Dir(config().GetString("d")))
 return &Server{
- fs: fs,
- ws: NewWS(),
+ fs: fs,
+ ws: NewWS(),
+ limiter: rate.NewLimiter(rate.Every(time.Second), 2),
+ uuid: uuid.New().String(),
 }
 }
 
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ if !s.Authorize(w, r) {
+ return
+ }
+
 log.Println("ext", path.Ext(r.URL.Path))
 if path.Ext(r.URL.Path) != "" {
 s.fs.ServeHTTP(w, r)
@@ -30,3 +43,15 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 s.fs.ServeHTTP(w, r)
 }
 }
+
+func (s *Server) Authorize(w http.ResponseWriter, r *http.Request) bool {
+ if u, p, ok := r.BasicAuth(); !ok || u != "Q" || p != "Q" {
+ s.limiter.Wait(r.Context())
+ w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", r.Host))
+ w.Header().Set("Content-Type", "text/plain")
+ w.WriteHeader(http.StatusUnauthorized)
+ w.Write([]byte("Unauthorized"))
+ return false
+ }
+ return true
+}
diff --git a/ws.go b/ws.go
index f331892..1578d66 100644
--- a/ws.go
+++ b/ws.go
@@ -3,7 +3,6 @@ package main
 import (
 "log"
 "net/http"
- "strings"
 "sync"
 
 "github.com/google/uuid"
@@ -34,7 +33,7 @@ func (ws *WS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 
 func (ws *WS) serveHTTP(w http.ResponseWriter, r *http.Request) error {
- id := strings.Split(r.Header.Get("Cookie"), "=")[1]
+ id := getCookie(r, "id")
 if len(id) == 0 {
 id = uuid.New().String()
 }
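Review bot: The `limiter` built in New() in server.go is a single `rate.Limiter` for the whole server, so its budget of one event per second with a burst of 2 is shared by every client rather than applied per remote address. Where it is consumed (Authorize, in the next hunk), one client repeatedly failing authentication delays every other unauthenticated request, including a browser's first credential-less request that triggers the login prompt. A limiter keyed on the remote address, or a field comment such as `// limiter throttles all failed auth attempts globally` if that is intended, would make the choice explicit. The new `uuid` field is assigned in New() but not read in any hunk of this patch, so it needs a comment saying what it is for, or it can be dropped.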
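Review bot: Authorize in server.go compares the submitted user and password against the literals `"Q"` and `"Q"` compiled into the binary, so the credential is visible to anyone with the source and cannot be rotated without a rebuild. Loading both from the `config()` source that New() already reads would fix that, and `subtle.ConstantTimeCompare([]byte(p), []byte(want)) == 1` from crypto/subtle (with `want` standing for the configured password) avoids a timing-dependent `!=`. The result of `s.limiter.Wait(r.Context())` is discarded, so a request whose context was cancelled while waiting still falls through to the 401 writes; `if err := s.limiter.Wait(r.Context()); err != nil { return false }` makes that explicit. Basic credentials travel on every request in a trivially decodable form, so this check only protects anything when the listener sits behind TLS, which the patch does not show.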
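Review bot: In serveHTTP in ws.go the `id` cookie value is accepted from the client as-is and only checked for emptiness, so any string a client chooses becomes its id. The rest of the function is outside the hunk; if the id keys per-connection state there, two clients presenting the same value would collide, and one could deliberately reuse another's id. Replacing the emptiness test with `if _, err := uuid.Parse(id); err != nil { id = uuid.New().String() }` keeps ids in the format the server itself issues and still covers the missing-cookie case.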