Mercurial > gemma
annotate pkg/middleware/modifyquery.go @ 440:3739aa34f838
Renamed externalservices.go to extservices.go
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Tue, 21 Aug 2018 14:45:38 +0200 |
| parents | ffdb507d5b42 |
| children | 73c7b2d6246e |
| rev | line source |
|---|---|
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
1 package middleware |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
2 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
3 import ( |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
4 "log" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
5 "net/http" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
6 "net/url" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
7 "strings" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
8 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
9 "gemma.intevation.de/gemma/pkg/auth" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
10 ) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
11 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
12 // ParseQuery is a modified version of the internal query |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
13 // parser of the url.parseQuery of the standard library. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 func ParseQuery( |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 m url.Values, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 query string, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
17 keySep, valueSep string, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
18 unescape func(string) (string, error), |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
19 ) error { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
20 if unescape == nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 unescape = url.QueryUnescape |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
22 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
23 for query != "" { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
24 key := query |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 if i := strings.Index(key, keySep); i >= 0 { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 key, query = key[:i], key[i+1:] |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
27 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
28 } else { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
29 query = "" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
30 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
31 if key == "" { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
32 continue |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
33 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
34 value := "" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
35 if i := strings.Index(key, valueSep); i >= 0 { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
36 key, value = key[:i], key[i+1:] |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
37 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
38 key, err := unescape(key) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
39 if err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
40 return err |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
41 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
42 value, err = unescape(value) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
43 if err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
44 return err |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
45 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
46 m[key] = append(m[key], value) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
48 return nil |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
49 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
50 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
51 func ModifyQuery(next http.Handler, modify func(*http.Request, url.Values) error) http.Handler { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
52 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
53 return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
54 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 // GeoServer query parameters contain ';' as sub key separators. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 // If we would use req.URL.Query() this would be split |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
57 // at the wrong level resulting in broken key/value pairs. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
58 // So we do the splitting ourselves. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
59 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
60 parameters := make(url.Values) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
61 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
62 if err := ParseQuery(parameters, req.URL.RawQuery, "&", "=", nil); err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
63 log.Printf("parsing query failed: %v\n", err) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
64 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
65 return |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
66 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
67 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
68 if err := modify(req, parameters); err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
69 log.Printf("modifying query parameters failed: %v\n", err) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
70 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
71 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
72 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
73 req.URL.RawQuery = parameters.Encode() |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
74 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
75 next.ServeHTTP(rw, req) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
76 }) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
77 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
78 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
79 func InjectUser(req *http.Request, parameters url.Values) error { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
80 // To prevent SQL injections |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
81 parameters.Del("env") |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
82 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
83 session, ok := auth.GetSession(req) |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
419
diff
changeset
|
84 if ok && !strings.ContainsAny(session.User, auth.InvalidRoleCharacters) { |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
85 log.Printf("Injecting user %s\n", session.User) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
86 parameters.Set("env", "user:"+session.User) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
87 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
88 return nil |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
89 } |