Naaturel/masi-3ds-cypher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Finish implementation of protected routes but passwords must still be encrypted

Browse Source
This commit is contained in:
Laurent
2025-12-05 08:54:45 +01:00
parent 46b5e6d1e2
commit 1b0fd5f840
2 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
assets/pages/index.html
View File

@@ -32,6 +32,18 @@
<script> <script>
function redirectToProtectedRoute(route) {
let data = JSON.parse(localStorage.getItem("creds"));
fetch(route, {
headers: {
"Authorization": `Basic ${data.username}:${data.password}`
}
})
.then(r => r.text())
.then(html => document.body.innerHTML = html);
}
let btn = document.getElementById("connect-button"); let btn = document.getElementById("connect-button");
btn.addEventListener("click", async () => { btn.addEventListener("click", async () => {
let username = document.getElementById("username-field").value; let username = document.getElementById("username-field").value;
@@ -50,7 +62,8 @@
body: JSON.stringify(data)}) body: JSON.stringify(data)})
.then(response => { .then(response => {
if(response.ok) { if(response.ok) {
window.location.href = "/payment"; localStorage.setItem("creds", JSON.stringify(data));
redirectToProtectedRoute("/payment");
} else { } else {
throw new Error("Authentication request failed") throw new Error("Authentication request failed")
} }

13
src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
View File

@@ -5,28 +5,20 @@ import com.sun.net.httpserver.HttpExchange;
import httpsServer.httpServer.src.annotations.AllowedVerb; import httpsServer.httpServer.src.annotations.AllowedVerb;
import httpsServer.httpServer.src.annotations.OnlyAuthorizedClients; import httpsServer.httpServer.src.annotations.OnlyAuthorizedClients;
import httpsServer.httpServer.src.authorization.AuthorizedClients; import httpsServer.httpServer.src.authorization.AuthorizedClients;
import httpsServer.httpServer.src.authorization.Client;
import httpsServer.httpServer.src.exceptions.NoSuchVerbException; import httpsServer.httpServer.src.exceptions.NoSuchVerbException;
import httpsServer.httpServer.src.exceptions.ClientAuthorisationException; import httpsServer.httpServer.src.exceptions.ClientAuthorisationException;
import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.*; import java.lang.reflect.*;
import java.nio.Buffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64; import java.util.Base64;
public class RequestInterceptor implements InvocationHandler { public class RequestInterceptor implements InvocationHandler {
private final AuthorizedClients authorizedClients; private final AuthorizedClients authorizedClients;
private final ObjectMapper mapper;
private final Object target; private final Object target;
public RequestInterceptor(Object target) { public RequestInterceptor(Object target) {
authorizedClients = new AuthorizedClients(); authorizedClients = new AuthorizedClients();
mapper = new ObjectMapper();
this.target = target; this.target = target;
} }
@@ -71,9 +63,8 @@ public class RequestInterceptor implements InvocationHandler {
throw new ClientAuthorisationException("Unable to read body"); throw new ClientAuthorisationException("Unable to read body");
} }
String base64Credentials = authHeader.substring("Basic ".length()); String credentials = authHeader.substring("Basic ".length());
String credentials = new String(Base64.getDecoder().decode(base64Credentials)); String[] values = credentials.split(":", 2);
String[] values = credentials.split(":", 1);
String username = values[0]; String username = values[0];
String password = values[1]; String password = values[1];