ZiCloud-API/main.go

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
	"log"
	"log/syslog"
	"net/http"
	"net/smtp"
	"os"
	"time"

	"github.com/labstack/echo"
	"github.com/labstack/echo/middleware"
)

var _appversion string = "0.1"
var _appname string = "ZiCloud-API"
var URL string = "https://ipa-cl.zi-tel.com"

func audit(txt string) {

	syslogger, err := syslog.New(syslog.LOG_INFO, _appname)
	if err != nil {
		log.Fatalln(err)
	}
	log.SetOutput(syslogger)
	log.Println(txt)
}

var RealIP string
var secretKey = []byte("P*%!5+u!$y+cgM+P8bybzgnXpsd2Lv2z") // 32 bytes
func sendMail(str string, subject string, recipient string) {
	auth := smtp.PlainAuth("", "zicloud@zi-tel.com", "5Sd?^AQx@r2OGRvS?i|DO0", "mail.zi-tel.com")
	to := []string{recipient}
	buff := make([]byte, 8)
	rand.Read(buff)
	random_str := base64.StdEncoding.EncodeToString(buff)
	msg := []byte("To:" + recipient + "\r\n" +
		"Date: " + time.Now().Format(time.RFC1123) + "\r\n" +
		"Message-Id: <" + random_str + "@ZiCloud.com>" + "\r\n" +
		"subject: " + subject + "\r\n" +
		"From: ZiCloud <" + "zicloud@zi-tel.com" + ">\r\n" +
		str)
	err := smtp.SendMail("mail.zi-tel.com:25", auth, "zicloud@zi-tel.com", to, msg)
	if err != nil {
		log.Fatal(err)
	}
}
func extractIP(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		RealIP = c.RealIP()
		audit("Recieved request from: " + RealIP)
		return next(c)
	}
}
func main() {
	if len(os.Args) != 3 {
		fmt.Println("Wrong Usage:\n\t ./CMD IP Port")
		audit("Application in the wrong way")
		os.Exit(1)
	}
	echoHandler := echo.New()
	echoHandler.Use(extractIP)
	echoHandler.Use(middleware.CORSWithConfig(middleware.CORSConfig{
		AllowOrigins: []string{"*", "*"},
		AllowMethods: []string{http.MethodGet, http.MethodPost},
	}))
	audit("Application " + _appname + " (" + _appversion + ") Started by " + os.Getenv("USER"))
	echoHandler.GET("/", func(c echo.Context) error {
		return c.String(http.StatusOK, "Hello, World!")
	})

	h := &handler{}
	echoHandler.POST("/login", h.login)
	echoHandler.GET("/private", h.private, isLoggedIn)

	echoHandler.GET("/admin", h.private, isLoggedIn, isAdmin)
	echoHandler.POST("/addUser", h.addUser, isLoggedIn, isAdmin)
	echoHandler.POST("/disableUser", h.disableUser, isLoggedIn, isAdmin)
	echoHandler.POST("/resetUser", h.resetUser)
	echoHandler.GET("/verifyUser", h.verifyUser)
	echoHandler.POST("/dnsrecordadd", h.dnsrecordadd, isLoggedIn, isAdmin)
	echoHandler.POST("/token", h.token, isLoggedIn)
	echoHandler.Logger.Fatal(echoHandler.Start(os.Args[1] + ":" + os.Args[2]))
}
func encrypt(key []byte, text string) string {
	// key := []byte(keyText)
	plaintext := []byte(text)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// The IV needs to be unique, but not secure. Therefore it's common to
	// include it at the beginning of the ciphertext.
	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		panic(err)
	}

	stream := cipher.NewCFBEncrypter(block, iv)
	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)

	// convert to base64
	return base64.URLEncoding.EncodeToString(ciphertext)
}
func decrypt(key []byte, cryptoText string) string {
	ciphertext, _ := base64.URLEncoding.DecodeString(cryptoText)

	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	// The IV needs to be unique, but not secure. Therefore it's common to
	// include it at the beginning of the ciphertext.
	if len(ciphertext) < aes.BlockSize {
		panic("ciphertext too short")
	}
	iv := ciphertext[:aes.BlockSize]
	ciphertext = ciphertext[aes.BlockSize:]

	stream := cipher.NewCFBDecrypter(block, iv)

	// XORKeyStream can work in-place if the two arguments are the same.
	stream.XORKeyStream(ciphertext, ciphertext)

	return fmt.Sprintf("%s", ciphertext)
}

type _response struct {
	Message string `json:"message"`
	Origin  string `json:"origin"`
	Code    int    `json:"code"`
}