view auth/middleware.go @ 249:e0f47d9ebde0
Hotfix: changed login call back to GET from POST.
For some reason POST didn't work as intended: the credentials were not
sent... This is only a workaround, as POST would still be the right
way to go...
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Fri, 27 Jul 2018 11:04:20 +0200 |
parents | 3771788d3dae |
children | a7b2db8b3d18 |
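// Package auth provides HTTP middleware that authenticates a request by
// its session token and authorizes it by the roles of that session.
package auth

import (
	"context"
	"net/http"
	"strings"
)

// contextType is a private type for request-context keys. Because the type
// is unexported, code outside this package cannot construct a matching key,
// so it can neither overwrite nor spoof the values stored below.
type contextType int

const (
	// sessionKey is the key under which SessionMiddleware stores the *Session.
	sessionKey contextType = iota
	// tokenKey is the key under which SessionMiddleware stores the token string.
	tokenKey
)

// GetSession returns the session that SessionMiddleware attached to the
// request context. The boolean is false when the context holds no *Session
// under sessionKey, i.e. the request did not pass through SessionMiddleware.
func GetSession(req *http.Request) (*Session, bool) {
	session, ok := req.Context().Value(sessionKey).(*Session)
	return session, ok
}

// GetToken returns the token that SessionMiddleware attached to the request
// context. The boolean is false when no string is stored under tokenKey.
//
// The token is the value that authenticated the request, so callers should
// treat it as a credential and keep it out of logs and error messages.
func GetToken(req *http.Request) (string, bool) {
	token, ok := req.Context().Value(tokenKey).(string)
	return token, ok
}

// SessionMiddleware authenticates a request from its X-Gemma-Auth header.
//
// The header value is trimmed of surrounding whitespace and looked up with
// ConnPool.Session. When the header is empty or the lookup yields nil, the
// request is answered with 401 Unauthorized and next is not called. Both
// failures produce the same generic response, so the reply does not reveal
// whether a token was missing or merely unknown. On success the session and
// the token are stored in the request context for GetSession and GetToken.
func SessionMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		token := strings.TrimSpace(req.Header.Get("X-Gemma-Auth"))
		if token == "" {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}

		// NOTE(review): presumably Session returns nil for unknown or
		// expired tokens; confirm against the ConnPool implementation.
		session := ConnPool.Session(token)
		if session == nil {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}

		ctx := context.WithValue(req.Context(), sessionKey, session)
		ctx = context.WithValue(ctx, tokenKey, token)
		next.ServeHTTP(rw, req.WithContext(ctx))
	})
}

// SessionChecker wraps next so that it only runs when the request carries a
// session (see GetSession) and check accepts that session. Otherwise the
// request is answered with 401 Unauthorized.
//
// NOTE(review): a request with a valid session that fails check also gets
// 401 rather than 403 Forbidden. The status is kept as is because clients
// may depend on it; distinguishing the two cases would be the more
// conventional choice.
func SessionChecker(next http.Handler, check func(*Session) bool) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		session, ok := GetSession(req)
		if !ok || !check(session) {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(rw, req)
	})
}

// HasRole returns a predicate that reports whether a session holds at least
// one of the given roles. With no roles given the predicate always returns
// false, so an empty role list denies access.
//
// A nil session is rejected instead of being dereferenced: the predicate is
// exported and may be called outside SessionChecker, and an authorization
// check should fail closed rather than panic.
func HasRole(roles ...string) func(*Session) bool {
	return func(session *Session) bool {
		if session == nil {
			return false
		}
		for _, want := range roles {
			for _, have := range session.Roles {
				if want == have {
					return true
				}
			}
		}
		return false
	}
}

// EnsureRole returns a middleware constructor that first authenticates the
// request with SessionMiddleware and then requires, via SessionChecker and
// HasRole, that the session holds at least one of the given roles.
func EnsureRole(roles ...string) func(http.Handler) http.Handler {
	return func(handler http.Handler) http.Handler {
		return SessionMiddleware(SessionChecker(handler, HasRole(roles...)))
	}
}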