Diffstat (limited to 'routes.go')
| -rw-r--r-- | routes.go | 27 |
1 files changed, 26 insertions, 1 deletions
@@ -2,7 +2,11 @@ package main
 import (
 "context"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/hex"
 "os"
+ "sort"
 "strings"
 sr "tildegit.org/tjp/sliderule"
@@ -20,7 +24,7 @@ func geminiRouter(conf config) sr.Handler {
 router.Route(
 "/*",
 gemini.GeminiOnly(true)(sr.FallthroughHandler(
- fs.TitanUpload(tlsauth.Allow, conf.geminiRoot)(postUploadRedirect),
+ fs.TitanUpload(tlsAuth(conf.uploaderFingerprints), conf.geminiRoot)(postUploadRedirect),
 fs.GeminiFileHandler(fsys),
 fs.GeminiDirectoryDefault(fsys, "index.gmi"),
 fs.GeminiDirectoryListing(fsys, nil),
@@ -41,3 +45,24 @@ var postUploadRedirect = sr.HandlerFunc(func(ctx context.Context, request *sr.Re
 u.Scheme = "gemini"
 return gemini.Redirect(u.String())
 })
+
+func tlsAuth(uploaders []string) tlsauth.Approver {
+ sort.Strings(uploaders)
+
+ return func(cert *x509.Certificate) bool {
+ raw := sha256.Sum256(cert.Raw)
+ user := hex.EncodeToString(raw[:])
+
+ _, found := sort.Find(len(uploaders), func(i int) int {
+ switch {
+ case uploaders[i] < user:
+ return 1
+ case uploaders[i] == user:
+ return 0
+ default:
+ return -1
+ }
+ })
+ return found
+ }
+}
|
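Review bot: The allow-list check in `tlsAuth` is an exact string match against the lowercase, separator-free hex that `hex.EncodeToString` produces. Unless the config loader already normalises its entries (not visible here), a fingerprint written in upper case or colon-separated form will never match and that uploader is denied without any diagnostic. Normalising the entries once into a private copy before sorting fixes this. It also stops `sort.Strings(uploaders)` from reordering the caller's `conf.uploaderFingerprints` slice in place. Whether the approver can be invoked with a nil certificate cannot be told from this hunk; if it can, `if cert == nil { return false }` at the top of the closure avoids a nil dereference on `cert.Raw`.

```go
func tlsAuth(uploaders []string) tlsauth.Approver {
	// Work on a normalised private copy so the caller's slice is left untouched.
	allowed := make([]string, 0, len(uploaders))
	for _, fp := range uploaders {
		fp = strings.ReplaceAll(strings.TrimSpace(fp), ":", "")
		allowed = append(allowed, strings.ToLower(fp))
	}
	sort.Strings(allowed)

	// … unchanged: returned closure, searching allowed instead of uploaders …
```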
