kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
710fcfcd345f6d0e0e7aefca72bb519caeb1f068
eng-pad-server/internal/webserver/server.go
Kyle Isom 710fcfcd34 Complete WebAuthn web handlers and download real htmx 
- Real htmx.min.js (v2.0.4, 50KB) replaces stub
- WebAuthn registration handlers (begin/finish) for adding security keys
- WebAuthn login handlers (begin/finish) for passwordless login
- Key management page (list/delete registered keys)
- Login page updated with "Login with Security Key" button + JS
- Session store for WebAuthn ceremonies (mutex-protected map)
- WebAuthn config passed from server command through to webserver
- Added LookupUserID helper for username-based WebAuthn login

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 21:33:45 -07:00

127 lines
3.2 KiB
Go
Raw Blame History

package webserver
import (
"crypto/tls"
"database/sql"
"fmt"
"html/template"
"io/fs"
"log/slog"
"net/http"
"sync"
"time"
"git.wntrmute.dev/kyle/eng-pad-server/internal/auth"
"git.wntrmute.dev/kyle/eng-pad-server/web"
"github.com/go-chi/chi/v5"
"github.com/go-webauthn/webauthn/webauthn"
)
type Config struct {
Addr string
DB *sql.DB
BaseURL string
TLSCert string
TLSKey string
RPDisplayName string
RPID string
RPOrigins []string
}
type WebServer struct {
db *sql.DB
baseURL string
tmpl *template.Template
webauthn *webauthn.WebAuthn
mu sync.Mutex
sessions map[string]*webauthn.SessionData
}
func Start(cfg Config) (*http.Server, error) {
templateFS, err := fs.Sub(web.Content, "templates")
if err != nil {
return nil, fmt.Errorf("template fs: %w", err)
}
tmpl, err := template.ParseFS(templateFS, "*.html")
if err != nil {
return nil, fmt.Errorf("parse templates: %w", err)
}
ws := &WebServer{
db: cfg.DB,
baseURL: cfg.BaseURL,
tmpl: tmpl,
sessions: make(map[string]*webauthn.SessionData),
}
if cfg.RPID != "" {
wa, err := auth.NewWebAuthn(cfg.RPDisplayName, cfg.RPID, cfg.RPOrigins)
if err != nil {
return nil, fmt.Errorf("init webauthn: %w", err)
}
ws.webauthn = wa
slog.Info("WebAuthn enabled", "rpid", cfg.RPID)
}
r := chi.NewRouter()
// Static files
staticFS, _ := fs.Sub(web.Content, "static")
r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS))))
// Public routes
r.Get("/login", ws.handleLoginPage)
r.Post("/login", ws.handleLoginSubmit)
// WebAuthn public routes (login ceremony)
r.Post("/webauthn/login/begin", ws.handleWebAuthnLoginBegin)
r.Post("/webauthn/login/finish", ws.handleWebAuthnLoginFinish)
// Share routes (no auth)
r.Get("/s/{token}", ws.handleShareNotebook)
r.Get("/s/{token}/pages/{num}", ws.handleSharePage)
// Authenticated routes
r.Group(func(r chi.Router) {
r.Use(ws.authMiddleware)
r.Get("/", http.RedirectHandler("/notebooks", http.StatusFound).ServeHTTP)
r.Get("/notebooks", ws.handleNotebooks)
r.Get("/notebooks/{id}", ws.handleNotebook)
r.Get("/notebooks/{id}/pages/{num}", ws.handlePage)
r.Get("/logout", ws.handleLogout)
// WebAuthn authenticated routes (registration + key management)
r.Post("/webauthn/register/begin", ws.handleWebAuthnRegisterBegin)
r.Post("/webauthn/register/finish", ws.handleWebAuthnRegisterFinish)
r.Get("/keys", ws.handleKeysList)
r.Post("/keys/delete", ws.handleKeyDelete)
})
srv := &http.Server{
Addr: cfg.Addr,
Handler: r,
ReadTimeout: 30 * time.Second,
WriteTimeout: 30 * time.Second,
IdleTimeout: 120 * time.Second,
}
if cfg.TLSCert != "" && cfg.TLSKey != "" {
tlsCert, err := tls.LoadX509KeyPair(cfg.TLSCert, cfg.TLSKey)
if err != nil {
return nil, fmt.Errorf("load TLS cert: %w", err)
}
srv.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{tlsCert},
MinVersion: tls.VersionTLS13,
}
slog.Info("web UI started", "addr", cfg.Addr, "tls", true)
go func() { _ = srv.ListenAndServeTLS("", "") }()
} else {
slog.Info("web UI started", "addr", cfg.Addr, "tls", false)
go func() { _ = srv.ListenAndServe() }()
}
return srv, nil
}
Reference in New Issue View Git Blame Copy Permalink