Mercurial > gemma
annotate pkg/middleware/modifyquery.go @ 2690:ef59a4255670
Added http middlewares to connect to db and parse input as JSON. This complements the JSONHandler which is for JSON in to JSON out. The new middlewares are for JSON in to abitrary out.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 15 Mar 2019 16:45:34 +0100 |
| parents | 04967d6565fa |
| children | 5f47eeea988d |
| rev | line source |
|---|---|
|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
2 // without warranty, see README.md and license for details. |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
3 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
6 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
9 // Software engineering by Intevation GmbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
10 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
11 // Author(s): |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
471
diff
changeset
|
13 |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package middleware |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
|
467
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
438
diff
changeset
|
17 "encoding/hex" |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
18 "log" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
19 "net/http" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
20 "net/url" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "strings" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
22 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/auth" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
24 ) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 // ParseQuery is a modified version of the internal query |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
27 // parser of the url.parseQuery of the standard library. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
28 func ParseQuery( |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
29 m url.Values, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
30 query string, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
31 keySep, valueSep string, |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
32 unescape func(string) (string, error), |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
33 ) error { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
34 if unescape == nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
35 unescape = url.QueryUnescape |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
36 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
37 for query != "" { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
38 key := query |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
39 if i := strings.Index(key, keySep); i >= 0 { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
40 key, query = key[:i], key[i+1:] |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
41 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
42 } else { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
43 query = "" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
44 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
45 if key == "" { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
46 continue |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
48 value := "" |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
49 if i := strings.Index(key, valueSep); i >= 0 { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
50 key, value = key[:i], key[i+1:] |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
51 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
52 key, err := unescape(key) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
53 if err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
54 return err |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 value, err = unescape(value) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
57 if err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
58 return err |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
59 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
60 m[key] = append(m[key], value) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
61 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
62 return nil |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
63 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
64 |
|
1494
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
65 // ModifyQuery creates an http.Handler which calls a modify function first before |
|
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
66 // calling the the nested next http.Handler. |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
67 func ModifyQuery(next http.Handler, modify func(*http.Request, url.Values) error) http.Handler { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
68 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
69 return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
70 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
71 // GeoServer query parameters contain ';' as sub key separators. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
72 // If we would use req.URL.Query() this would be split |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
73 // at the wrong level resulting in broken key/value pairs. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
74 // So we do the splitting ourselves. |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
75 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
76 parameters := make(url.Values) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
77 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
78 if err := ParseQuery(parameters, req.URL.RawQuery, "&", "=", nil); err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
79 log.Printf("parsing query failed: %v\n", err) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
80 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
81 return |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
82 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
83 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
84 if err := modify(req, parameters); err != nil { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
85 log.Printf("modifying query parameters failed: %v\n", err) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
86 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
87 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
88 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
89 req.URL.RawQuery = parameters.Encode() |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
90 |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
91 next.ServeHTTP(rw, req) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
92 }) |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
93 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
94 |
|
1494
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
95 // InjectUser is a modify function fitting into ModifyQuery to inject the |
|
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
96 // user's name from the current session hex-encoded into the 'env' query parameter. |
|
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
97 // This is used by the GeoServer to restrict the access to this the user/role |
|
04967d6565fa
Added api doc strings for the middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1040
diff
changeset
|
98 // to show show the requested map. |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
99 func InjectUser(req *http.Request, parameters url.Values) error { |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
100 // To prevent SQL injections |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
101 parameters.Del("env") |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
102 |
|
471
1b08432a0e5d
Cosmetics.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
103 if session, ok := auth.GetSession(req); ok { |
|
1040
aac42dacb503
Stopped log spamming from OGC proxy and stopped leaking injected user names into log.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
104 // log.Printf("info: injecting user %s\n", session.User) |
|
467
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
438
diff
changeset
|
105 parameters.Set("env", "user:"+hex.EncodeToString([]byte(session.User))) |
|
419
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
106 } |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
107 return nil |
|
6627c48363a0
First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
108 } |