Mercurial > gemma

package auth

import (
	"context"
	"fmt"
	"net/http"
	"regexp"
)

var extractToken = regexp.MustCompile(`\s*Bearer\s+(\S+)`)

type contextType int

const (
	claimsKey contextType = iota
	tokenKey
)

func GetClaims(req *http.Request) (*Claims, bool) {
	claims, ok := req.Context().Value(claimsKey).(*Claims)
	return claims, ok
}

func GetToken(req *http.Request) (string, bool) {
	token, ok := req.Context().Value(tokenKey).(string)
	return token, ok
}

func JWTMiddleware(next http.Handler) http.Handler {

	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {

		auth := req.Header.Get("Authorization")

		token := extractToken.FindStringSubmatch(auth)
		if len(token) != 2 {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}

		claims, err := TokenToClaims(token[1])
		if err != nil {
			http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusUnauthorized)
			return
		}

		ctx := req.Context()
		ctx = context.WithValue(ctx, claimsKey, claims)
		ctx = context.WithValue(ctx, tokenKey, token[1])
		req = req.WithContext(ctx)

		next.ServeHTTP(rw, req)
	})
}

func ClaimsChecker(next http.Handler, check func(*Claims) bool) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		claims, ok := GetClaims(req)
		if !ok || !check(claims) {
			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(rw, req)
	})
}

func HasRole(roles ...string) func(*Claims) bool {
	return func(claims *Claims) bool {
		for _, r1 := range roles {
			for _, r2 := range claims.Roles {
				if r1 == r2 {
					return true
				}
			}
		}
		return false
	}
}
author	Thomas Junk <thomas.junk@intevation.de>
date	Mon, 02 Jul 2018 09:37:53 +0200
parents	441a8ee637c5
children	0c56c56a1c44