Beispiel #1
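// authorized reports whether token, the raw value of an Authorization header,
// carries a Google OAuth2 access token whose tokeninfo email equals authEmail.
//
// The header must have the form "Bearer <token>"; anything else yields
// (false, nil). A failure to build the tokeninfo client or to query it
// (including a rejected token) yields (false, err).
//
// NOTE(review): only the email claim is compared. The tokeninfo response also
// reports which OAuth client the token was issued to (tok.Audience /
// tok.IssuedTo) and whether the email is verified (tok.VerifiedEmail); neither
// is checked here, so a token minted for an unrelated client that carries the
// same email is accepted. Pin the expected client ID if this service has one.
func authorized(token string) (ok bool, err error) {
	fs := strings.Fields(token)
	// Auth scheme names are case-insensitive (RFC 7235), so accept "bearer" too.
	if len(fs) != 2 || !strings.EqualFold(fs[0], "Bearer") {
		return false, nil
	}

	// NOTE(review): http.DefaultClient has no timeout, so a stalled tokeninfo
	// call blocks the caller indefinitely — consider a client with a deadline.
	svc, err := auth.New(http.DefaultClient)
	if err != nil {
		return false, err
	}
	tok, err := svc.Tokeninfo().Access_token(fs[1]).Do()
	if err != nil {
		return false, err
	}
	// A token granted without the email scope has an empty Email. Reject it
	// explicitly so an unset authEmail can never match and fail open.
	if tok.Email == "" {
		return false, nil
	}
	return tok.Email == authEmail, nil
}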
Beispiel #2
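// authorized verifies the auth token. We could do this ourselves using Admin
// if our caller had used the right service account, but this will do it for
// any account.
//
// An App Engine admin user is authorized immediately. Otherwise token must be
// an Authorization header value of the form "Bearer <token>" whose tokeninfo
// email equals abelanaConfig().AuthEmail. A malformed header yields
// (false, nil); a failure to build the tokeninfo client or to query it yields
// (false, err).
//
// NOTE(review): only the email claim is compared. The tokeninfo response also
// reports which OAuth client the token was issued to (tok.Audience /
// tok.IssuedTo) and whether the email is verified (tok.VerifiedEmail); neither
// is checked here, so a token minted for an unrelated client that carries the
// same email is accepted. Pin the expected client ID if this service has one.
func authorized(cx appengine.Context, token string) (bool, error) {
	if user.IsAdmin(cx) {
		cx.Infof("authorized - true")
		return true, nil
	}

	fs := strings.Fields(token)
	// Auth scheme names are case-insensitive (RFC 7235), so accept "bearer" too.
	if len(fs) != 2 || !strings.EqualFold(fs[0], "Bearer") {
		return false, nil
	}

	svc, err := auth.New(urlfetch.Client(cx))
	if err != nil {
		return false, err
	}
	tok, err := svc.Tokeninfo().Access_token(fs[1]).Do()
	if err != nil {
		return false, err
	}
	// NOTE(review): this writes the whole tokeninfo response to the application
	// log, which presumably includes the caller's email and account id —
	// confirm that is acceptable for this log's retention and readers.
	cx.Infof("  tok %v", tok)

	// A token granted without the email scope has an empty Email. Reject it
	// explicitly so an unset AuthEmail in the config can never match and fail
	// open.
	if tok.Email == "" {
		return false, nil
	}
	return tok.Email == abelanaConfig().AuthEmail, nil
}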