Mercurial > gemma
view pkg/auth/middleware.go @ 493:8a0737aa6ab6 metamorph-for-all
The connection pool is now only a session store.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 24 Aug 2018 14:25:05 +0200 |
| parents | 62c909dd3098 |
| children | a244b18cb916 |
line wrap: on
line source
package auth import ( "context" "net/http" "strings" ) type contextType int const ( sessionKey contextType = iota tokenKey ) func GetSession(req *http.Request) (*Session, bool) { session, ok := req.Context().Value(sessionKey).(*Session) return session, ok } func GetToken(req *http.Request) (string, bool) { token, ok := req.Context().Value(tokenKey).(string) return token, ok } func SessionMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { auth := req.Header.Get("X-Gemma-Auth") token := strings.TrimSpace(auth) if token == "" { http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } session := Sessions.Session(token) if session == nil { http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } ctx := req.Context() ctx = context.WithValue(ctx, sessionKey, session) ctx = context.WithValue(ctx, tokenKey, token) req = req.WithContext(ctx) next.ServeHTTP(rw, req) }) } func SessionChecker(next http.Handler, check func(*Session) bool) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { claims, ok := GetSession(req) if !ok || !check(claims) { http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } next.ServeHTTP(rw, req) }) } func HasRole(roles ...string) func(*Session) bool { return func(session *Session) bool { return session.Roles.HasAny(roles...) } } func EnsureRole(roles ...string) func(http.Handler) http.Handler { return func(handler http.Handler) http.Handler { return SessionMiddleware(SessionChecker(handler, HasRole(roles...))) } }