* feat(server): moved an http server object into a pkg subdir to be reusable for http, spots, and integrations * feat(web): isolated web module (server, router, middleware, utils) used in spots and new integrations * feat(web): removed possible panic * feat(web): split all handlers from http service into different packages for better management. * feat(web): changed router's method signature * feat(web): added missing handlers interface * feat(web): added health middleware to remove unnecessary checks * feat(web): customizable middleware set for web servers * feat(web): simplified the handler's structure * feat(web): created an unified server.Run method for all web services (http, spot, integrations) * feat(web): fixed a json size limit issue * feat(web): removed Keys and PG connection from router * feat(web): simplified integration's main file * feat(web): simplified spot's main file * feat(web): simplified http's main file (builder) * feat(web): refactored audit trail functionality * feat(web): added ee version of audit trail * feat(web): added ee version of conditions module * feat(web): moved ee version of some web session structs * feat(web): new format of web metrics * feat(web): added new web metrics to all handlers * feat(web): added justExpired feature to web ingest handler * feat(web): added small integrations improvements
package auth
import (
"net/http"
"github.com/gorilla/mux"
ctxStore "github.com/docker/distribution/context"
)
// Middleware returns an http.Handler that authenticates each request before
// handing it to next.
//
// The Authorization header is checked first through IsAuthorized. If that
// fails and the request matches one of the routes accepted by
// isSpotWithKeyRequest, the "key" query parameter is validated through e.keys
// instead. A request that passes neither check is answered with 401 and no
// body; the failure reason goes to the log only. On success the resolved user
// is stored in the request context under "userData".
func (e *authImpl) Middleware(next http.Handler) http.Handler {
	authenticate := func(w http.ResponseWriter, r *http.Request) {
		// Permissions are looked up from the raw URL path, while the two route
		// helpers compare against the mux path template.
		token := r.Header.Get("Authorization")
		perms := getPermissions(r.URL.Path)
		fromExtension := e.isExtensionRequest(r)

		user, err := e.IsAuthorized(token, perms, fromExtension)
		if err != nil && !e.isSpotWithKeyRequest(r) {
			e.log.Warn(r.Context(), "Unauthorized request, wrong jwt token: %s", err)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		if err != nil {
			// Token check failed on a route that also accepts a public key.
			// The key travels in the query string, so it can end up in access
			// logs and proxy logs; keep those out of reach of untrusted readers.
			// NOTE(review): IsValid receives only the key, not the {id} from the
			// path; confirm that the handler (or IsValid's result) ties the key
			// to the spot being requested.
			user, err = e.keys.IsValid(r.URL.Query().Get("key"))
			if err != nil {
				e.log.Warn(r.Context(), "Unauthorized request, wrong public key: %s", err)
				w.WriteHeader(http.StatusUnauthorized)
				return
			}
		}

		// Expose the authenticated user to downstream handlers.
		values := map[string]interface{}{"userData": user}
		r = r.WithContext(ctxStore.WithValues(r.Context(), values))
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(authenticate)
}
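// isExtensionRequest reports whether the matched route is /v1/ping (any
// method), POST /v1/spots, or POST /v1/spots/{id}/uploaded. The result is
// passed to IsAuthorized by Middleware.
//
// It returns false, after logging, when the request carries no matched mux
// route or when the route has no path template, so an unexpected routing setup
// never selects the extension path and never panics inside the auth check.
func (e *authImpl) isExtensionRequest(r *http.Request) bool {
	// mux.CurrentRoute returns nil when the request was not dispatched through
	// a matched route; calling GetPathTemplate on it would dereference nil.
	route := mux.CurrentRoute(r)
	if route == nil {
		e.log.Error(r.Context(), "failed to get path template: %s", "no matched route in request context")
		return false
	}

	pathTemplate, err := route.GetPathTemplate()
	if err != nil {
		e.log.Error(r.Context(), "failed to get path template: %s", err)
		return false
	}

	switch pathTemplate {
	case "/v1/ping":
		return true
	case "/v1/spots", "/v1/spots/{id}/uploaded":
		return r.Method == http.MethodPost
	}
	return false
}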
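// isSpotWithKeyRequest reports whether the request may fall back to public-key
// authentication. That is the case only when a key validator is configured
// (e.keys != nil) and the matched route is one of:
//
//	GET  /v1/spots/{id}
//	POST /v1/spots/{id}/comment
//	GET  /v1/spots/{id}/status
//
// Every other outcome, including a request with no matched mux route or a
// route without a path template, returns false so the fallback stays closed.
func (e *authImpl) isSpotWithKeyRequest(r *http.Request) bool {
	if e.keys == nil {
		return false
	}

	// mux.CurrentRoute returns nil when the request was not dispatched through
	// a matched route; calling GetPathTemplate on it would dereference nil.
	route := mux.CurrentRoute(r)
	if route == nil {
		return false
	}

	pathTemplate, err := route.GetPathTemplate()
	if err != nil {
		return false
	}

	// The comparison is an exact match on the route template plus the method,
	// so no other spot route inherits key-based access.
	switch pathTemplate {
	case "/v1/spots/{id}", "/v1/spots/{id}/status":
		return r.Method == http.MethodGet
	case "/v1/spots/{id}/comment":
		return r.Method == http.MethodPost
	}
	return false
}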