From d9477ee60ba08d963f0554797b20e0a07595cb65 Mon Sep 17 00:00:00 2001
From: shylinux <shylinux@shylinux.com>
Date: Wed, 16 Aug 2023 23:38:20 +0800
Subject: [PATCH] add some

---
 base/web/serve.go   |  1 +
 base/web/spide.go   |  1 +
 base/web/token.go   | 75 +++++++++++++++++++++++++++++++++++++++++----
 core/chat/pod.go    | 10 +++---
 misc/git/service.go | 25 +++------------
 misc/git/status.go  |  4 +--
 misc/git/token.go   | 52 -------------------------------
 7 files changed, 83 insertions(+), 85 deletions(-)

diff --git a/base/web/serve.go b/base/web/serve.go
index 418fd449..dfc5e1d9 100644
--- a/base/web/serve.go
+++ b/base/web/serve.go
@@ -177,6 +177,7 @@ func init() {
 				cli.NodeInfo(m, ice.Info.Pathname, WORKER)
 				gdb.Watch(m, SERVE_START)
 				aaa.White(m, nfs.REQUIRE)
+				aaa.White(m, LOGIN)
 			}},
 			DOMAIN: {Hand: func(m *ice.Message, arg ...string) {
 				kit.If(len(arg) > 0, func() { ice.Info.Domain, ice.Info.Localhost = arg[0], false })
diff --git a/base/web/spide.go b/base/web/spide.go
index e4102a41..95a59994 100644
--- a/base/web/spide.go
+++ b/base/web/spide.go
@@ -209,6 +209,7 @@ const (
 	SPIDE_JSON = "json"
 	SPIDE_RES  = "content_data"
 
+	Basic         = "Basic"
 	Bearer        = "Bearer"
 	Authorization = "Authorization"
 	ContentType   = "Content-Type"
diff --git a/base/web/token.go b/base/web/token.go
index 909a91df..e105bfa8 100644
--- a/base/web/token.go
+++ b/base/web/token.go
@@ -1,26 +1,89 @@
 package web
 
 import (
+	"encoding/base64"
+	"strings"
+
 	ice "shylinux.com/x/icebergs"
+	"shylinux.com/x/icebergs/base/aaa"
+	"shylinux.com/x/icebergs/base/lex"
 	"shylinux.com/x/icebergs/base/mdb"
+	"shylinux.com/x/icebergs/base/nfs"
+	"shylinux.com/x/icebergs/base/tcp"
 	kit "shylinux.com/x/toolkits"
 )
 
 const TOKEN = "token"
 
 func init() {
+	const (
+		GEN     = "gen"
+		SET     = "set"
+		CONFIRM = "confirm"
+		FILE    = ".git-credentials"
+		LOCAL   = "http://localhost:9020"
+	)
 	Index.MergeCommands(ice.Commands{
-		TOKEN: {Name: "token hash auto create prunes", Help: "令牌", Actions: ice.MergeActions(ice.Actions{
-			mdb.INPUTS: {Hand: func(m *ice.Message, arg ...string) {
-				switch mdb.HashInputs(m, arg); arg[0] {
-				case mdb.TYPE:
-					m.Push(arg[0], SERVER, WORKER)
+		TOKEN: {Name: "token username auto prunes", Help: "令牌", Actions: ice.MergeActions(ice.Actions{
+			GEN: {Hand: func(m *ice.Message, arg ...string) {
+				m.Echo("请授权 %s 代码权限\n", m.Option(tcp.HOST)).EchoButton(CONFIRM)
+			}},
+			CONFIRM: {Hand: func(m *ice.Message, arg ...string) {
+				msg := m.Cmd("", m.Option(ice.MSG_USERNAME))
+				if msg.Append(mdb.TIME) < m.Time() {
+					msg = m.Cmd("", mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), TOKEN, kit.Hashs(mdb.UNIQ)).Cmd("", m.Option(ice.MSG_USERNAME))
 				}
+				m.ProcessReplace(kit.MergeURL2(m.Option(tcp.HOST), ChatCmdPath(m.PrefixKey(), SET), TOKEN, strings.Replace(UserHost(m), "://", kit.Format("://%s:%s@", m.Option(ice.MSG_USERNAME), msg.Append(TOKEN)), 1)))
+			}},
+			SET: {Hand: func(m *ice.Message, arg ...string) {
+				host, list := ice.Map{kit.ParseURL(m.Option(TOKEN)).Host: true}, []string{m.Option(TOKEN)}
+				m.Cmd(nfs.CAT, kit.HomePath(FILE), func(line string) {
+					line = strings.ReplaceAll(line, "%3a", ":")
+					kit.IfNoKey(host, kit.ParseURL(line).Host, func(p string) { list = append(list, line) })
+				}).Cmd(nfs.SAVE, kit.HomePath(FILE), strings.Join(list, lex.NL)+lex.NL)
+				m.ProcessClose()
 			}},
 		}, mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,type,name,text")), Hand: func(m *ice.Message, arg ...string) {
 			if mdb.HashSelect(m, arg...); len(arg) > 0 {
-				m.Cmdy("web.code.publish", "contexts", kit.Dict(TOKEN, arg[0]))
+				return
+				u := kit.ParseURL(m.Option(ice.MSG_USERWEB))
+				p := tcp.PublishLocalhost(m, kit.Format("%s://%s:%s@%s", u.Scheme, m.Append(aaa.USERNAME), m.Append(TOKEN), u.Host))
+				m.EchoScript(p).EchoScript(kit.Format("echo '%s' >>~/.git-credentials", p))
 			}
 		}},
 	})
+	Index.MergeCommands(ice.Commands{
+		"/check": {Hand: func(m *ice.Message, arg ...string) {
+			kit.For(m.R.Header, func(key string, value []string) { m.Debug("what %v %v", key, value) })
+			if BasicSess(m); m.Option(ice.MSG_USERNAME) == "" {
+				BasicCheck(m, "请输入账号密码")
+			}
+		}},
+		"/login": {Hand: func(m *ice.Message, arg ...string) { RenderMain(m) }},
+		"/auths": {Hand: func(m *ice.Message, arg ...string) {
+			kit.If(m.R.URL.Query().Get(ice.MSG_SESSID), func(p string) { RenderCookie(m, m.Option(ice.MSG_SESSID, p)) })
+			RenderRedirect(m, m.R.URL.Query().Get("redirect_uri"))
+		}},
+	})
+}
+
+func BasicSess(m *ice.Message) {
+	m.Options(ice.MSG_USERWEB, _serve_domain(m))
+	m.Options(ice.MSG_SESSID, kit.Select(m.Option(ice.MSG_SESSID), m.Option(CookieName(m.Option(ice.MSG_USERWEB)))))
+	aaa.SessCheck(m, m.Option(ice.MSG_SESSID))
+}
+func BasicCheck(m *ice.Message, realm string) bool {
+	switch ls := kit.Split(m.R.Header.Get(Authorization)); kit.Select("", ls, 0) {
+	case Basic:
+		if buf, err := base64.StdEncoding.DecodeString(kit.Select("", ls, 1)); !m.Warn(err) {
+			if ls := strings.SplitN(string(buf), ":", 2); !m.Warn(len(ls) < 2) {
+				if msg := m.Cmd(TOKEN, ls[1]); !m.Warn(msg.Time() > msg.Append(mdb.TIME)) {
+					return true
+				}
+			}
+		}
+	}
+	m.W.Header().Add("WWW-Authenticate", kit.Format(`Basic realm="%s"`, realm))
+	m.RenderStatusUnauthorized()
+	return false
 }
diff --git a/core/chat/pod.go b/core/chat/pod.go
index 0a9f17ea..9f805c5f 100644
--- a/core/chat/pod.go
+++ b/core/chat/pod.go
@@ -27,13 +27,15 @@ func init() {
 				m.RenderDownload(path.Join(ice.USR_LOCAL_WORK, arg[0], ice.USR_PUBLISH, kit.Keys(ice.ICE, m.Option(cli.GOOS), m.Option(cli.GOARCH))))
 			} else if m.IsCliUA() {
 				m.RenderDownload(path.Join(ice.USR_LOCAL_WORK, arg[0], ice.BIN_ICE_BIN))
-			} else if len(arg) == 1 {
+			} else {
 				if m.Cmd(web.SPACE, arg[0]).Length() == 0 && nfs.Exists(m, path.Join(ice.USR_LOCAL_WORK, arg[0])) {
 					m.Cmd(web.DREAM, cli.START, kit.Dict(mdb.NAME, arg[0]))
 				}
-				m.Cmdy(web.SPACE, arg[0], web.SPACE, ice.MAIN, kit.Dict(nfs.VERSION, web.RenderVersion(m)))
-			} else if arg[1] == CMD {
-				web.RenderPodCmd(m, arg[0], arg[2], arg[3:])
+				if len(arg) == 1 {
+					m.Cmdy(web.SPACE, arg[0], web.SPACE, ice.MAIN, kit.Dict(nfs.VERSION, web.RenderVersion(m)))
+				} else if arg[1] == CMD {
+					web.RenderPodCmd(m, arg[0], arg[2], arg[3:])
+				}
 			}
 		}},
 	})
diff --git a/misc/git/service.go b/misc/git/service.go
index 5aa89e80..fc6d6971 100644
--- a/misc/git/service.go
+++ b/misc/git/service.go
@@ -4,7 +4,6 @@ import (
 	"compress/flate"
 	"compress/gzip"
 	"context"
-	"encoding/base64"
 	"fmt"
 	"io"
 	"os"
@@ -32,21 +31,6 @@ import (
 	kit "shylinux.com/x/toolkits"
 )
 
-func _service_login(m *ice.Message) error {
-	if ice.Info.Localhost && tcp.IsLocalHost(m, m.Option(ice.MSG_USERIP)) {
-		return nil
-	} else if auth := strings.SplitN(m.R.Header.Get(web.Authorization), lex.SP, 2); strings.ToLower(auth[0]) != "basic" {
-		return fmt.Errorf("Authentication type error")
-	} else if data, err := base64.StdEncoding.DecodeString(auth[1]); err != nil {
-		return err
-	} else if auth := strings.SplitN(string(data), nfs.DF, 2); m.Cmdv(Prefix(TOKEN), auth[0], TOKEN) != auth[1] {
-		return fmt.Errorf("username or password error")
-	} else if aaa.UserRole(m, auth[0]) == aaa.VOID {
-		return fmt.Errorf("userrole has no right")
-	} else {
-		return nil
-	}
-}
 func _service_path(m *ice.Message, p string, arg ...string) string {
 	return kit.Path(ice.USR_LOCAL_REPOS, kit.TrimExt(p, GIT), path.Join(arg...))
 }
@@ -147,17 +131,16 @@ func init() {
 		}
 		switch repos, service := _service_param(m, arg...); service {
 		case RECEIVE_PACK:
-			if err := _service_login(m); m.Warn(err, ice.ErrNotLogin) {
-				web.RenderHeader(m.W, "WWW-Authenticate", `Basic realm="git server"`)
+			if !web.BasicCheck(m, "git server") {
 				return
-			} else if !nfs.Exists(m, repos) {
+			}
+			if !nfs.Exists(m, repos) {
 				m.Cmd(Prefix(SERVICE), mdb.CREATE, mdb.NAME, path.Base(repos))
 			}
 
 		case UPLOAD_PACK:
 			if mdb.Conf(m, Prefix(SERVICE), kit.Keym(aaa.AUTH)) == aaa.PRIVATE {
-				if err := _service_login(m); m.Warn(err, ice.ErrNotLogin) {
-					web.RenderHeader(m.W, "WWW-Authenticate", `Basic realm="git server"`)
+				if !web.BasicCheck(m, "git server") {
 					return
 				}
 			}
diff --git a/misc/git/status.go b/misc/git/status.go
index d9af33a4..541b1c8c 100644
--- a/misc/git/status.go
+++ b/misc/git/status.go
@@ -139,10 +139,10 @@ func init() {
 				m.Cmd(nfs.DEFS, kit.HomePath(".gitconfig"), nfs.Template(m, "gitconfig", m.Option(aaa.USERNAME), m.Option(aaa.EMAIL)))
 				mdb.Config(m, aaa.USERNAME, m.Option(aaa.USERNAME))
 				mdb.Config(m, aaa.EMAIL, m.Option(aaa.EMAIL))
-				kit.If(m.Option(TOKEN), func() { m.Cmd(TOKEN, "set") })
+				kit.If(m.Option(web.TOKEN), func() { m.Cmd(web.TOKEN, "set") })
 			}},
 			OAUTH: {Help: "授权", Hand: func(m *ice.Message, arg ...string) {
-				m.ProcessOpen(kit.MergeURL2(kit.Select(ice.Info.Make.Domain, m.Cmdx(REPOS, "remoteURL")), web.ChatCmdPath(Prefix(TOKEN), "gen"), tcp.HOST, m.Option(ice.MSG_USERWEB)))
+				m.ProcessOpen(kit.MergeURL2(kit.Select(ice.Info.Make.Domain, m.Cmdx(REPOS, "remoteURL")), web.ChatCmdPath(web.TOKEN, "gen"), tcp.HOST, m.Option(ice.MSG_USERWEB)))
 			}},
 			INSTEADOF: {Name: "insteadof remote", Help: "代理", Hand: func(m *ice.Message, arg ...string) {
 				m.Cmdy(REPOS, INSTEADOF, arg)
diff --git a/misc/git/token.go b/misc/git/token.go
index 73e6b97a..cd99cdbe 100644
--- a/misc/git/token.go
+++ b/misc/git/token.go
@@ -1,53 +1 @@
 package git
-
-import (
-	"strings"
-
-	ice "shylinux.com/x/icebergs"
-	"shylinux.com/x/icebergs/base/aaa"
-	"shylinux.com/x/icebergs/base/lex"
-	"shylinux.com/x/icebergs/base/mdb"
-	"shylinux.com/x/icebergs/base/nfs"
-	"shylinux.com/x/icebergs/base/tcp"
-	"shylinux.com/x/icebergs/base/web"
-	kit "shylinux.com/x/toolkits"
-)
-
-const TOKEN = "token"
-
-func init() {
-	const (
-		GEN   = "gen"
-		SET   = "set"
-		FILE  = ".git-credentials"
-		LOCAL = "http://localhost:9020"
-	)
-	Index.MergeCommands(ice.Commands{
-		TOKEN: {Name: "token username auto prunes", Help: "令牌", Actions: ice.MergeActions(ice.Actions{
-			GEN: {Hand: func(m *ice.Message, arg ...string) {
-				m.Echo("请授权 %s 代码权限\n", m.Option(tcp.HOST)).EchoButton("confirm")
-			}},
-			"confirm": {Hand: func(m *ice.Message, arg ...string) {
-				msg := m.Cmd("", m.Option(ice.MSG_USERNAME))
-				if msg.Append(mdb.TIME) < m.Time() {
-					msg = m.Cmd("", mdb.CREATE, aaa.USERNAME, m.Option(ice.MSG_USERNAME), TOKEN, kit.Hashs(mdb.UNIQ)).Cmd("", m.Option(ice.MSG_USERNAME))
-				}
-				m.ProcessReplace(kit.MergeURL2(m.Option(tcp.HOST), web.ChatCmdPath(m.PrefixKey(), SET), TOKEN, strings.Replace(web.UserHost(m), "://", kit.Format("://%s:%s@", m.Option(ice.MSG_USERNAME), msg.Append(TOKEN)), 1)))
-			}},
-			SET: {Hand: func(m *ice.Message, arg ...string) {
-				host, list := ice.Map{kit.ParseURL(m.Option(TOKEN)).Host: true}, []string{m.Option(TOKEN)}
-				m.Cmd(nfs.CAT, kit.HomePath(FILE), func(line string) {
-					line = strings.ReplaceAll(line, "%3a", ":")
-					kit.IfNoKey(host, kit.ParseURL(line).Host, func(p string) { list = append(list, line) })
-				}).Cmd(nfs.SAVE, kit.HomePath(FILE), strings.Join(list, lex.NL)+lex.NL)
-				m.ProcessClose()
-			}},
-		}, mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, aaa.USERNAME, mdb.FIELD, "time,username,token")), Hand: func(m *ice.Message, arg ...string) {
-			if mdb.HashSelect(m, arg...); len(arg) > 0 {
-				u := kit.ParseURL(m.Option(ice.MSG_USERWEB))
-				p := tcp.PublishLocalhost(m, kit.Format("%s://%s:%s@%s", u.Scheme, m.Append(aaa.USERNAME), m.Append(TOKEN), u.Host))
-				m.EchoScript(p).EchoScript(kit.Format("echo '%s' >>~/.git-credentials", p))
-			}
-		}},
-	})
-}