view pkg/middleware/dbconn.go @ 4723:baabc2b2f094
Avoid creating user profiles without matching role
The INSTEAD OF triggers on users.list_users did that already, but
profile data coming e.g. via restoring a dump had been added also
if there was no matching database role in the cluster.
This also unifies the errors occurring on creation of users with existing
role names that differed between roles with and without profile before.
Note this is no referential integrity. A dropped role still leaves an
orphaned profile behind.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 17 Oct 2019 18:56:59 +0200 |
parents | 6f9d00c8cc38 |
children | 5f47eeea988d |
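// This is Free Software under GNU Affero General Public License v >= 3.0
// without warranty, see README.md and license for details.
//
// SPDX-License-Identifier: AGPL-3.0-or-later
// License-Filename: LICENSES/AGPL-3.0.txt
//
// Copyright (C) 2019 by via donau
//   – Österreichische Wasserstraßen-Gesellschaft mbH
// Software engineering by Intevation GmbH
//
// Author(s):
//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>

package middleware

import (
	"context"
	"database/sql"
	"log"
	"net/http"

	"gemma.intevation.de/gemma/pkg/auth"
)

// wrapDBKeyType is an unexported context key type. Because the type is
// private to this package, code elsewhere cannot construct an equal key and
// therefore cannot read or replace the stored connection via the context.
type wrapDBKeyType int

// wrapDBKey is the context key under which DBConn stores the *sql.Conn.
const wrapDBKey wrapDBKeyType = 0

// GetDBConn fetches a *sql.Conn from the context of the request.
// Returns nil if no such connection exists, so callers must check the
// result before using it.
//
// NOTE(review): the connection is handed to DBConn by auth.RunAs for the
// duration of its callback; presumably it must not be retained after the
// wrapped handler returns. Confirm against auth.RunAs.
func GetDBConn(req *http.Request) *sql.Conn {
	// A failed type assertion yields the zero value, which is a nil *sql.Conn.
	conn, _ := req.Context().Value(wrapDBKey).(*sql.Conn)
	return conn
}

// DBConn is a middleware that stores a *sql.Conn in the context
// of the incoming request if the user is authorized and
// has a valid session.
// The handler will return with an http.StatusUnauthorized else
// w/o calling the cascaded next handler.
//
// If auth.RunAs reports an error, the details are written to the server log
// only and the client receives a generic http.StatusInternalServerError.
func DBConn(next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		// Both a missing token and an unknown session get the same 401, so
		// the response does not reveal which of the two checks failed.
		token, ok := auth.GetToken(req)
		if !ok {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}

		session := auth.Sessions.Session(token)
		if session == nil {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}

		parent := req.Context()

		// The next handler runs inside the RunAs callback, with the
		// connection supplied for session.User attached to its context.
		err := auth.RunAs(parent, session.User, func(conn *sql.Conn) error {
			ctx := context.WithValue(parent, wrapDBKey, conn)
			next.ServeHTTP(rw, req.WithContext(ctx))
			return nil
		})
		if err != nil {
			// Keep the full error in the server log. It originates from
			// auth.RunAs (not visible here) and may carry database or role
			// details, so it is not echoed back to the client.
			log.Printf("error: %v\n", err)
			http.Error(rw, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		}
	})
}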