Added very basic and not-very-secure authentication. Smeagol is now usable.

2026-04-12 18:05:06 +00:00 · 2014-11-11 12:24:44 +00:00 · 2014-11-11 12:24:44 +00:00 · fc89b25a2f
commit fc89b25a2f
parent d437f07fc2
12 changed files with 140 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 smeagol.log
 pom.xml
 pom.xml.asc
 *jar
--- a/README.md
+++ b/README.md
@ -1,6 +1,28 @@
-# Welcome to Smeagol
+ Welcome to Smeagol!
-Smeagol is a simple Git-backed Wiki inspired by [Gollum](https://github.com/gollum/gollum/wiki).
+Smeagol is a simple Wiki engine inspired by [Gollum](https://github.com/gollum/gollum/wiki). Gollum is a Wiki engine written in Ruby, which uses a number of simple text formats including [Markdown](http://daringfireball.net/projects/markdown/), which uses [Git](http://git-scm.com/) to provide versioning and backup. I needed a new Wiki for a project and thought Gollum would be ideal - but unfortunately it doesn't provide user authentication, which I needed, and it was simpler for me to reimplement the bits I did need in Clojure than to modify Gollum.
 So at this stage Smeagol is a Wiki engine written in Clojure which uses Markdown as its text format, which does have user authentication, and which will soon use Git as its versioning and backup system.
 ## Markup syntax
 Smeagol uses the Markdown format as provided by [markdown-clj](https://github.com/yogthos/markdown-clj), with the addition that anything enclosed in double square brackets, \[\[like this\]\], will be treated as a link into the wiki.
 ## Security and authentication
 Currently security is very weak. There is currently a file called *passwd* in the *resources/public* directory, which contains a clojure map of username/plain-text password pairs thus:
    {:admin "admin"}
 that is to say, the username is a keyword and the corresponding password is a string. Obviously, this is a temporary solution while in development which I will fix later.
 ## Todo
 * Git integration! Smeagol doesn't have any inbuilt versioning or backup mechanism; it's intended that Git will be used as that mechanism. But it isn't implemented yet.
 * Image (and other media) upload.
 * Improved security.
 * Mechanism to add users through the user interface.
 * Mechanism to change passwords through the user interface.
 ## Prerequisites
--- a/resources/public/content/Introduction.md
+++ b/resources/public/content/Introduction.md
@ -10,11 +10,19 @@ Smeagol uses the Markdown format as provided by [markdown-clj](https://github.co
 ## Security and authentication
-Not done yet.
+Currently security is very weak. There is currently a file called *passwd* in the *resources/public* directory, which contains a clojure map of username/plain-text password pairs thus:
    {:admin "admin"}
 that is to say, the username is a keyword and the corresponding password is a string. Obviously, this is a temporary solution while in development which I will fix later.
 ## Todo
-Git integration!
+* Git integration! Smeagol doesn't have any inbuilt versioning or backup mechanism; it's intended that Git will be used as that mechanism. But it isn't implemented yet.
 * Image (and other media) upload.
 * Improved security.
 * Mechanism to add users through the user interface.
 * Mechanism to change passwords through the user interface.
 ## Editing the framing content
--- a/resources/public/css/standard.css
+++ b/resources/public/css/standard.css
@ -18,6 +18,13 @@ body {
  background:rgba(40,40,40,0.8);
 }
 #user {
 	font-height: 66%;
 	float: right;
 	padding: 0.1em 0.75em;
    margin: 0;
 }
 /* only needed for fly-out menu effect on tablet and phone stylesheets */
 #nav-icon {
  display: none;
@ -120,10 +127,15 @@ input {
  background-color: white;
 }
-input.submit {
+input.action {
  background-color: green;
 }
 input.action-dangerous {
 	color: white;
 	background-color: red;
 }
 input.required:after {
  content: " \*";
  color: red;
--- a/resources/public/passwd
+++ b/resources/public/passwd
@ -0,0 +1 @@
 {:admin "admin"}
--- a/resources/templates/auth.html
+++ b/resources/templates/auth.html
@ -0,0 +1,33 @@
 {% extends "templates/base.html" %}
 {% block content %}
    <div id="header" class="wiki">
        <h1>{{title}}</h1>
        {{header|safe}}
    </div>
    <div id="left-bar"  class="wiki">
        {{left-bar|safe}}
    </div>
    <div id="content" class="wiki">    	
        <form action="{{servlet-context}}/auth" method="POST">
    		{% if user %}
            <p class="widget">
                <label for="submit">To finish editing</label>
                <input name="action" id="action" type="submit" class="action-dangerous" value="Logout!"/>
            </p>
    		{% else %}
        	<p class="widget">
                <label for="username">Your username</label>
                <input name="username" id="username" type="text"/>
        	</p>
        	<p class="widget">
                <label for="password">Your password</label>
                <input name="password" id="password" type="password"/>
        	</p>
            <p class="widget">
                <label for="submit">To edit this wiki</label>
                <input name="action" id="action" type="submit" class="action" value="Login!"/>
            </p>
            {% endif %}
        </form>
    </div>
 {% endblock %}
--- a/resources/templates/base.html
+++ b/resources/templates/base.html
@ -13,10 +13,19 @@
  <body>
    <!-- navbar -->
    <div id="nav">
      {% if user %}
      <p class="user" id="user">You are logged in as {{user}}</p>
      {% endif %}
      <img id="nav-icon" src="{{servlet-context}}/img/threelines.png" alt="Menu"/>
      <ul id="nav-menu" class="nav">
-        <li class="{{home-selected}}"><a href="{{servlet-context}}/">Home</a></li>
+        <li class="{{wiki-selected}}"><a href="{{servlet-context}}/">Home</a></li>
        <li class="{{edit-selected}}"><a href="{{servlet-context}}/edit?content={{title}}">Edit this page</a></li>
        <li class="{{auth-selected}}"><a href="{{servlet-context}}/auth">
        	{% if user %}
        	Log out
        	{% else %}
        	Log in
        	{% endif %}</a></li>
      </ul>
    </div>
--- a/resources/templates/edit.html
+++ b/resources/templates/edit.html
@ -13,7 +13,7 @@
            <textarea name="src" id="src" rows="25" cols="80">{{content}}</textarea>
            <p class="widget">
                <label for="submit">When you have finished editing</label>
-                <input name="submit" id="submit" type="submit" value="Save!"/>
+                <input name="submit" id="submit" type="submit" class="action" value="Save!"/>
            </p>
        </form>
    </div>
--- a/smeagol.log
+++ b/smeagol.log
@ -1,20 +0,0 @@
 2014-Nov-09 20:07:44 +0000 fletcher INFO [smeagol.handler] - 
 -=[ smeagol started successfully using the development profile ]=-
 2014-Nov-09 20:32:47 +0000 fletcher INFO [smeagol.handler] - smeagol is shutting down...
 2014-Nov-09 20:32:47 +0000 fletcher INFO [smeagol.handler] - shutdown complete!
 2014-Nov-09 20:33:00 +0000 fletcher INFO [smeagol.handler] - 
 -=[ smeagol started successfully using the development profile ]=-
 2014-Nov-09 20:35:05 +0000 fletcher INFO [smeagol.handler] - smeagol is shutting down...
 2014-Nov-09 20:35:05 +0000 fletcher INFO [smeagol.handler] - shutdown complete!
 2014-Nov-09 20:35:19 +0000 fletcher INFO [smeagol.handler] - 
 -=[ smeagol started successfully using the development profile ]=-
 2014-Nov-09 21:07:26 +0000 fletcher INFO [smeagol.handler] - smeagol is shutting down...
 2014-Nov-09 21:07:26 +0000 fletcher INFO [smeagol.handler] - shutdown complete!
 2014-Nov-09 21:07:40 +0000 fletcher INFO [smeagol.handler] - 
 -=[ smeagol started successfully using the development profile ]=-
 2014-Nov-09 21:10:52 +0000 fletcher INFO [smeagol.handler] - smeagol is shutting down...
 2014-Nov-09 21:10:52 +0000 fletcher INFO [smeagol.handler] - shutdown complete!
 2014-Nov-10 07:24:44 +0000 fletcher INFO [smeagol.handler] - 
 -=[ smeagol started successfully using the development profile ]=-
 2014-Nov-10 13:15:36 +0000 fletcher INFO [smeagol.handler] - smeagol is shutting down...
 2014-Nov-10 13:15:37 +0000 fletcher INFO [smeagol.handler] - shutdown complete!
--- a/src/smeagol/authenticate.clj
+++ b/src/smeagol/authenticate.clj
@ -0,0 +1,10 @@
 (ns smeagol.authenticate (:require [noir.io :as io]))
 (defn authenticate
  "Return true if this username/password pair match, false otherwise"
  [username password]
  (let [path (str (io/resource-path) "passwd")
        users (read-string (slurp path))
        user (keyword username)]
    (println (str "Checking for user " user " with password " password " in " users " from " path))
    (.equals (user users) password)))
--- a/src/smeagol/handler.clj
+++ b/src/smeagol/handler.clj
@ -73,7 +73,7 @@
           :middleware (load-middleware)
           :ring-defaults (mk-defaults false)
           ;; add access rules here
-           :access-rules [{:redirect "/login"
+           :access-rules [{:redirect "auth"
                :rule user-access}]
           ;; serialize/deserialize the following data formats
           ;; available formats:
--- a/src/smeagol/routes/wiki.clj
+++ b/src/smeagol/routes/wiki.clj
@ -3,6 +3,9 @@
  (:require [compojure.core :refer :all]
            [noir.io :as io]
            [noir.response :as response]
            [noir.util.route :as route]
            [noir.session :as session]
            [smeagol.authenticate :as auth]
            [smeagol.layout :as layout]
            [smeagol.util :as util]))
@ -31,9 +34,11 @@
                   {:title content
                    :left-bar (util/md->html "/content/_edit-left-bar.md")
                    :header (util/md->html "/content/_header.md")
-                    :content (if exists? (io/slurp-resource file-name) "")}))))
+                    :content (if exists? (io/slurp-resource file-name) "")
                    :user (session/get :user)}))))
 (defn local-links
  "Rewrite text in `html-src` surrounded by double square brackets as a local link into this wiki."
  [html-src]
  (clojure.string/replace html-src #"\[\[[^\[\]]*\]\]"
                          #(let [text (clojure.string/replace %1 #"[\[\]]" "")]
@ -52,9 +57,34 @@
                   {:title content
                    :left-bar (util/md->html "/content/_left-bar.md")
                    :header (util/md->html "/content/_header.md")
-                    :content (local-links (util/md->html file-name))})
+                    :content (local-links (util/md->html file-name))
                    :user (session/get :user)})
          true (response/redirect (str "edit?content=" content)))))
 (defn auth-page
  "Render the auth page"
  [request]
  (let [params (keywordize-keys (:params request))
        username (:username params)
        password (:password params)
        action (:action params)
        user (session/get :user)]
    (println (str "Action = " action))
    (cond
      (= action "Logout!") 
      (do 
        (session/remove! :user)
        (response/redirect "wiki"))
      (and username password (auth/authenticate username password))
      (do
        (session/put! :user username)
        (response/redirect "wiki"))
      true
      (layout/render "auth.html"
                   {:title (if user (str "Logout " user) "Log in")
                    :left-bar (util/md->html "/content/_left-bar.md")
                    :header (util/md->html "/content/_header.md")
                    :user user}))))
 (defn about-page []
  (layout/render "about.html"))
@ -62,6 +92,8 @@
 (defroutes wiki-routes
  (GET "/wiki" request (wiki-page request))
  (GET "/" request (wiki-page request))
-  (GET "/edit" request (edit-page request))
+  (GET "/edit" request (route/restricted (edit-page request)))
-  (POST "/edit" request (edit-page request))
+  (POST "/edit" request (route/restricted (edit-page request)))
  (GET "/auth" request (auth-page request))
  (POST "/auth" request (auth-page request))
  (GET "/about" [] (about-page)))