From b32dc8dd42f729c980f1a12071712debcc71df19 Mon Sep 17 00:00:00 2001
From: Proc3ssor1 <jeanjestin@gmail.com>
Date: Tue, 23 Feb 2021 11:25:57 +0100
Subject: [PATCH] Update cuckoo

---
 README.md    |  5 ++++-
 main.go      | 30 ++++++++++++++++++++++++++----
 main_test.go | 42 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 5 deletions(-)
 create mode 100644 main_test.go

diff --git a/README.md b/README.md
index 55d339d..b867225 100644
--- a/README.md
+++ b/README.md
@@ -31,4 +31,7 @@ User -> "Outlook" : Inspect suspicious email
 "Cyber-Signal" -> "Cyber-Signal" : Add information in dashboard SSI
 
 ```
-
+TODO : documentation
+TODO : améliorer génération & sécurité sharetoken 
+TODO : changer noms et type des struct
+TODO : factoriser fonctions appels d'IOC
diff --git a/main.go b/main.go
index 4b185f0..72f362e 100644
--- a/main.go
+++ b/main.go
@@ -15,8 +15,17 @@ import (
 var i int
 
 func main() {
-	mainH := http.HandlerFunc(helloServer)
-	go http.ListenAndServe(":8091", middleware(mainH))
+
+	mux := http.NewServeMux()
+	os.Setenv("SHARE_TOKEN", "sharetoken")
+
+	helloHandler := http.HandlerFunc(hello)
+	mux.Handle("/hello", validateShareToken(helloHandler))
+
+	log.Println("Listening on :8091...")
+	err := http.ListenAndServe(":8091", mux)
+	log.Fatal(err)
+
 	//taskid := sendPostRequestMultipart("http://localhost:8090/tasks/create/file", "/home/jean/Wza.txt")
 	sendGetSummaryReport(5)
 	//sendPostRequestMultipart("http://localhost:8090/tasks/summary/")
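Review bot: `os.Setenv("SHARE_TOKEN", "sharetoken")` in main hard-codes the bearer secret in source and overwrites any value the deployment environment supplied, so the token is fixed, guessable and kept in the repository history. Drop the `Setenv` and refuse to start when the variable is missing, e.g. `if os.Getenv("SHARE_TOKEN") == "" { log.Fatal("SHARE_TOKEN is not set") }`. Separately, `http.ListenAndServe(":8091", mux)` now blocks and is followed by `log.Fatal(err)`, so the `sendGetSummaryReport(5)` call below it can no longer run; the old code started the server with `go`. main's body continues outside the hunk.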
@@ -26,8 +35,8 @@ func main() {
 
 //subject, corps du mail, expéditeur, URL, hash
 
-func helloServer(w http.ResponseWriter, r *http.Request) {
-	//fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
+func hello(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello")
 }
 
 /*
@@ -42,6 +51,19 @@ func SaveFile(w http.ResponseWriter, r *http.Request) {
 }
 */
 
+// Middleware to check if the shared token is valid
+func validateShareToken(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		bearer := r.Header.Get("Authorization")
+		if bearer != fmt.Sprintf("Bearer %s", os.Getenv("SHARE_TOKEN")) {
+			http.Error(w, "Unauthorized bearer", http.StatusForbidden)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
 func middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		readBody, err := ioutil.ReadAll(r.Body)
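Review bot: validateShareToken compares the Authorization header with `!=` against a string built from `os.Getenv("SHARE_TOKEN")`, and it does not check that the variable is set. With the variable unset the expected value collapses to `Bearer ` with an empty token, so the middleware should fail closed instead of relying on that string never matching. The comparison also returns at the first differing byte; `crypto/subtle.ConstantTimeCompare` avoids leaking how much of the token matched. The rewrite below needs `crypto/subtle` added to the import block, which is outside this hunk.

```go
func validateShareToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := os.Getenv("SHARE_TOKEN")
		want := []byte("Bearer " + token)
		got := []byte(r.Header.Get("Authorization"))
		// Fail closed when no token is configured; compare without an early exit.
		if token == "" || subtle.ConstantTimeCompare(got, want) != 1 {
			http.Error(w, "Unauthorized bearer", http.StatusForbidden)
			return
		}
		// … unchanged: next.ServeHTTP(w, r) …
	})
}
```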
diff --git a/main_test.go b/main_test.go
new file mode 100644
index 0000000..491b768
--- /dev/null
+++ b/main_test.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+)
+
+func TestHelloServerHandler(t *testing.T) {
+	// Set environment variables
+	os.Setenv("SHARE_TOKEN", "sharetoken")
+
+	req, err := http.NewRequest("GET", "/hello", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Specifying an API key
+	req.Header.Set("Authorization", "Bearer sharetoken")
+
+	// We create a ResponseRecorder (which satisfies http.ResponseWriter) to record the response.
+	rr := httptest.NewRecorder()
+	handler := validateShareToken(http.HandlerFunc(hello))
+
+	// Our handlers satisfy http.Handler, so we can call their ServeHTTP method
+	// directly and pass in our Request and ResponseRecorder.
+	handler.ServeHTTP(rr, req)
+
+	// Check the status code is what we expect.
+	if status := rr.Code; status != http.StatusOK {
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+
+	// Check the response body is what we expect.
+	expected := `Hello`
+	if rr.Body.String() != expected {
+		t.Errorf("handler returned unexpected body: got %v want %v",
+			rr.Body.String(), expected)
+	}
+}
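Review bot: TestHelloServerHandler only exercises the accepted path, so nothing pins the behaviour that matters for an auth middleware: a missing, wrong or malformed Authorization header must be rejected. As written, a regression that lets every request through would still pass this test. A second test along the lines below, asserting the `http.StatusForbidden` that validateShareToken currently returns, would cover it.

```go
func TestValidateShareTokenRejects(t *testing.T) {
	os.Setenv("SHARE_TOKEN", "sharetoken")
	handler := validateShareToken(http.HandlerFunc(hello))

	for _, auth := range []string{"", "Bearer wrong", "sharetoken"} {
		req := httptest.NewRequest("GET", "/hello", nil)
		if auth != "" {
			req.Header.Set("Authorization", auth)
		}
		rr := httptest.NewRecorder()
		handler.ServeHTTP(rr, req)
		if rr.Code != http.StatusForbidden {
			t.Errorf("Authorization %q: got status %v want %v", auth, rr.Code, http.StatusForbidden)
		}
	}
}
```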
-- 
GitLab