require authentication as 'ref' user to view ref pages

model/event_settings.go

@@ -34,6 +34,7 @@ type EventSettings struct {
 	SwitchPassword              string
 	PlcAddress                  string
 	AdminPassword               string
+	RefPassword                 string
 	WarmupDurationSec           int
 	AutoDurationSec             int
 	PauseDurationSec            int

templates/setup_settings.html

@@ -141,6 +141,10 @@
             <div class="col-lg-7">
               <input type="password" class="form-control" name="adminPassword" value="{{.AdminPassword}}">
             </div>
+            <label class="col-lg-5 control-label">Password for 'ref' user</label>
+            <div class="col-lg-7">
+              <input type="password" class="form-control" name="refPassword" value="{{.RefPassword}}">
+            </div>
           </div>
         </fieldset>
         <fieldset>

web/headref_display.go

@@ -11,6 +11,10 @@ import (
 // through a websockets integration, the head ref will be able to see score updates submitted by other
 // refs in realtime.
 func (web *Web) headrefDisplayHandler(w http.ResponseWriter, r *http.Request) {
+	if !web.userIsExpected(w, r, []string{adminUser, refUser}) {
+		return
+	}
+
 	// if !web.enforceDisplayConfiguration(w, r, map[string]string{"background": "#0f0", "reversed": "false",
 	// 	"overlayLocation": "bottom"}) {
 	// 	return
@@ -41,6 +45,10 @@ func (web *Web) headrefDisplayHandler(w http.ResponseWriter, r *http.Request) {
 
 // The websocket endpoint for the ref display client to receive status updates.
 func (web *Web) headrefDisplayWebsocketHandler(w http.ResponseWriter, r *http.Request) {
+	if !web.userIsExpected(w, r, []string{adminUser, refUser}) {
+		return
+	}
+
 	ws, err := websocket.NewWebsocket(w, r)
 	if err != nil {
 		handleWebErr(w, err)

web/login.go

@@ -7,11 +7,12 @@ package web
 
 import (
 	"fmt"
-	"github.com/Team254/cheesy-arena-lite/model"
-	"github.com/google/uuid"
 	"net/http"
 	"net/url"
 	"time"
+
+	"github.com/Team254/cheesy-arena-lite/model"
+	"github.com/google/uuid"
 )
 
 // Shows the login form.
@@ -58,14 +59,24 @@ func (web *Web) renderLogin(w http.ResponseWriter, r *http.Request, errorMessage
 	}
 }
 
+func contains(slice []string, expected string) bool {
+	for _, s := range slice {
+		if s == expected {
+			return true
+		}
+	}
+	return false
+
+}
+
 // Returns true if the given user is authorized for admin operations. Used for HTTP cookie authentication.
-func (web *Web) userIsAdmin(w http.ResponseWriter, r *http.Request) bool {
+func (web *Web) userIsExpected(w http.ResponseWriter, r *http.Request, expectedUsers []string) bool {
 	if web.arena.EventSettings.AdminPassword == "" {
 		// Disable auth if there is no password configured.
 		return true
 	}
 	session := web.getUserSessionFromCookie(r)
-	if session != nil && session.Username == adminUser {
+	if session != nil && contains(expectedUsers, session.Username) {
 		return true
 	} else {
 		redirect := r.URL.Path
@@ -77,6 +88,14 @@ func (web *Web) userIsAdmin(w http.ResponseWriter, r *http.Request) bool {
 	}
 }
 
+func (web *Web) userIsAdmin(w http.ResponseWriter, r *http.Request) bool {
+	return web.userIsExpected(w, r, []string{adminUser})
+}
+
+func (web *Web) userIsRef(w http.ResponseWriter, r *http.Request) bool {
+	return web.userIsExpected(w, r, []string{refUser})
+}
+
 func (web *Web) getUserSessionFromCookie(r *http.Request) *model.UserSession {
 	token, err := r.Cookie(sessionTokenCookie)
 	if err != nil {
@@ -89,6 +108,8 @@ func (web *Web) getUserSessionFromCookie(r *http.Request) *model.UserSession {
 func (web *Web) checkAuthPassword(user, password string) error {
 	if user == adminUser && password == web.arena.EventSettings.AdminPassword {
 		return nil
+	} else if user == refUser && password == web.arena.EventSettings.RefPassword {
+		return nil
 	} else {
 		return fmt.Errorf("Invalid login credentials.")
 	}

web/ref_display.go

@@ -14,6 +14,10 @@ import (
 // field elements.  through a websockets integration, each ref will be able to see score updates
 // submitted by other refs in realtime.
 func (web *Web) refDisplayHandler(w http.ResponseWriter, r *http.Request) {
+	if !web.userIsExpected(w, r, []string{adminUser, refUser}) {
+		return
+	}
+
 	vars := mux.Vars(r)
 	alliance := vars["alliance"]
 	if alliance != "red" && alliance != "blue" {
@@ -48,6 +52,10 @@ func (web *Web) refDisplayHandler(w http.ResponseWriter, r *http.Request) {
 
 // The websocket endpoint for the ref display client to receive status updates.
 func (web *Web) refDisplayWebsocketHandler(w http.ResponseWriter, r *http.Request) {
+	if !web.userIsExpected(w, r, []string{adminUser, refUser}) {
+		return
+	}
+
 	ws, err := websocket.NewWebsocket(w, r)
 	if err != nil {
 		handleWebErr(w, err)

web/setup_settings.go

@@ -7,14 +7,15 @@ package web
 
 import (
 	"fmt"
-	"github.com/Team254/cheesy-arena-lite/model"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/Team254/cheesy-arena-lite/model"
 )
 
 // Shows the event settings editing page.
@@ -76,6 +77,7 @@ func (web *Web) settingsPostHandler(w http.ResponseWriter, r *http.Request) {
 	eventSettings.SwitchPassword = r.PostFormValue("switchPassword")
 	eventSettings.PlcAddress = r.PostFormValue("plcAddress")
 	eventSettings.AdminPassword = r.PostFormValue("adminPassword")
+	eventSettings.RefPassword = r.PostFormValue("refPassword")
 	eventSettings.WarmupDurationSec, _ = strconv.Atoi(r.PostFormValue("warmupDurationSec"))
 	eventSettings.AutoDurationSec, _ = strconv.Atoi(r.PostFormValue("autoDurationSec"))
 	eventSettings.PauseDurationSec, _ = strconv.Atoi(r.PostFormValue("pauseDurationSec"))

web/web.go

@@ -21,6 +21,7 @@ import (
 const (
 	sessionTokenCookie = "session_token"
 	adminUser          = "admin"
+	refUser            = "ref"
 )
 
 type Web struct {