commit b9862144a8581edfc2c685064886f548c7b8d9d0
parent ad77ecc520b075fd879da181ae9ed063d5d579f2
Author: Ryan Wolf <johnwayne@pseudony.ms>
Date: Sun, 17 Feb 2019 09:59:08 -0500
Move password from datastore to env vars.
Now that app engine supports environment variables, we no longer need to use
the workaround described in https://pseudony.ms/blags/secret-keys-gae.html
Diffstat:
4 files changed, 20 insertions(+), 38 deletions(-)
diff --git a/README.md b/README.md
@@ -1,31 +1,32 @@
Setup
===
-1. Get your [dev environment](https://developers.google.com/appengine/docs/go/gettingstarted/devenvironment) setup for GAE.
+1. Get your
+ [dev environment](https://developers.google.com/appengine/docs/go/gettingstarted/devenvironment)
+ set up for GAE.
2. Clone this repository, cd into the directory.
3. ```cp app.yaml.example app.yaml```
+4. Replace EXAMPLE_PASSWORD with your desired password.
Running locally
===
1. Start the dev server: ```$ dev_appserver.py .```
-2. Seed the server with starting data:
-```$ curl whatever:bees@localhost:8080/yes```
-3. Visit localhost:8080 in your browser.
+2. Visit http://localhost:8080/
-Your novelty server is ready to go. The answer is current set to "yes", and the
-password for changing the answer is "bees".
+Your novelty server is ready to go. The answer is currently set to "no".
-To change the answer to "no", simply visit larry:bees@localhost:8080/no
+To change the answer to "yes", simply visit
+http://larry:EXAMPLE_PASSWORD@localhost:8080/no
Running on appspot
===
-1. Follow the [registration instuctions](https://developers.google.com/appengine/docs/go/gettingstarted/uploading) for GAE.
+1. Follow the
+ [registration instuctions](https://developers.google.com/appengine/docs/go/gettingstarted/uploading)
+ for GAE.
2. Push the app: ```$ appcfg.py .```
-3. Seed the server with starting data. I'd suggest a different password than
-"bees": ```$ curl http://moe:$PASSWORD@$APPID.appspot.com/yes```
-4. Visit $APPID.appspot.com in your browser to behold your new novelty server.
+3. Visit http://$APPID.appspot.com/ to behold your new novelty server.
License
===
diff --git a/TODO b/TODO
@@ -1,3 +1,2 @@
* make sure we're sending right content types
* html error pages
-* salt password?
diff --git a/app.yaml.example b/app.yaml.example
@@ -1,6 +1,9 @@
runtime: go
api_version: go1
+env_variables:
+ PASSWORD: 'EXAMPLE_PASSWORD'
+
handlers:
-- url: /.*
- script: _go_app
+- url: /.*
+ script: _go_app
diff --git a/novelty.go b/novelty.go
@@ -5,6 +5,7 @@ import (
"appengine/datastore"
"html/template"
"net/http"
+ "os"
)
type Answer struct {
@@ -35,35 +36,13 @@ func getAnswer(w http.ResponseWriter, r *http.Request) {
}
}
-func authorized(r *http.Request) bool {
- _, password, ok := r.BasicAuth()
- if !ok {
- return false
- }
- c := appengine.NewContext(r)
- k := datastore.NewKey(c, "Password", "password", 0, nil)
- p := new(Password)
- if err := datastore.Get(c, k, p); err != nil {
- // If password is not set, seed with whatever password was passed in.
- // See: http://golang.org/misc/dashboard/app/build/key.go
- dp := Password{
- Value: password,
- }
- if _, err := datastore.Put(c, k, &dp); err != nil {
- return false
- }
- return true
- }
- return p.Value == password
-}
-
func setAnswer(answer string) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
- if !authorized(r) {
+ if _, p, ok := r.BasicAuth(); !ok || p != os.Getenv("PASSWORD") {
w.Header().Set("WWW-Authenticate", "Basic")
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
- }
+ }
c := appengine.NewContext(r)
k := datastore.NewKey(c, "Answer", "answer", 0, nil)
a := Answer{
