package rep import ( "crypto/subtle" "io" "log" "net" "net/http" "time" "git.crumpington.com/public/jldb/lib/httpconn" ) func (rep *Replicator) handlerLogf(pattern string, args ...any) { log.Printf("[HTTP-HANDLER] "+pattern, args...) } // checkBasicAuth tests whether the caller has provided the appropriate basic auth // header. The caller should provide the PSK as the basic-auth password. func (rep *Replicator) checkBasicAuth(w http.ResponseWriter, r *http.Request) bool { _, pwd, _ := r.BasicAuth() if subtle.ConstantTimeCompare([]byte(pwd), rep.pskBytes[:]) != 1 { rep.handlerLogf("PSK mismatch.") http.Error(w, "not authorized", http.StatusUnauthorized) return false } return true } // acceptConnect accepts a CONNECT request and checks the PSK. func (rep *Replicator) acceptConnect(w http.ResponseWriter, r *http.Request) net.Conn { conn, err := httpconn.Accept(w, r) if err != nil { rep.handlerLogf("Failed to accept connection: %s", err) return nil } psk := [64]byte{} conn.SetReadDeadline(time.Now().Add(rep.conf.NetTimeout)) if _, err := io.ReadFull(conn, psk[:]); err != nil { conn.Close() rep.handlerLogf("Failed to read PSK: %v", err) return nil } if subtle.ConstantTimeCompare(psk[:], rep.pskBytes[:]) != 1 { conn.Close() rep.handlerLogf("PSK mismatch.") return nil } return conn }