Beispiel #1
// ServeHTTP implements the login endpoint. When the manager's "authType"
// option is "cbauth", the request's credentials are resolved through cbauth:
// a lookup failure is answered with 403 and an anonymous caller with a 401
// challenge. In every other case the caller is redirected to "/".
//
// For any authType other than "cbauth" (including a nil manager or nil
// options) no credential check happens here; the request is only redirected.
func (h *CBAuthBasicLogin) ServeHTTP(
	w http.ResponseWriter, req *http.Request) {

	var mode string
	if h.mgr != nil {
		if opts := h.mgr.Options(); opts != nil {
			mode = opts["authType"]
		}
	}

	if mode == "cbauth" {
		creds, err := cbauth.AuthWebCreds(req)
		switch {
		case err != nil:
			// NOTE(review): the cbauth error text is echoed to the client
			// in the response body; confirm it never carries internal
			// detail that should stay in server logs.
			msg := fmt.Sprintf("rest_auth: cbauth.AuthWebCreds,"+
				" err: %v ", err)
			http.Error(w, msg, http.StatusForbidden)
			return
		case creds.Source() == "anonymous":
			// A 401 makes the browser prompt for basic-auth credentials.
			cbauth.SendUnauthorized(w)
			return
		}
	}

	// Authenticated (or auth not configured): send the caller to the root.
	// NOTE(review): 301 responses may be cached by clients; confirm that a
	// permanent redirect is intended for a login endpoint.
	http.Redirect(w, req, "/", http.StatusMovedPermanently)
}
Beispiel #2
// doServeHostBucket serves a GET request for a host/bucket pair. It resolves
// the caller's credentials through cbauth, checks that they may access the
// bucket, fetches the payload with performBucketRequest and writes it to w.
//
// Non-GET requests and requests without a recognised host or bucket get a
// 404. A caller without bucket access gets the cbauth unauthorized response.
// In those cases the returned error is nil. Errors from cbauth or from the
// bucket request are returned without writing a response, so the caller is
// expected to turn them into one.
func doServeHostBucket(w http.ResponseWriter, req *http.Request) (err error) {
	log.Printf("Serving: %s %s", req.Method, req.RequestURI)

	if req.Method != http.MethodGet {
		http.NotFound(w, req)
		return nil
	}

	// NOTE(review): host is taken from the request by recogniseHostBucket
	// (not shown here) and later becomes the target of an outbound HTTP
	// request. Confirm that helper restricts it to expected backends.
	host, bucket := recogniseHostBucket(req)
	if host == "" || bucket == "" {
		http.NotFound(w, req)
		return nil
	}

	creds, authErr := cbauth.AuthWebCreds(req)
	if authErr != nil {
		return authErr
	}
	log.Printf("User name: `%s'", creds.Name())

	// Authorization is checked before any request is made on the caller's
	// behalf.
	switch permitted, accessErr := creds.CanAccessBucket(bucket); {
	case accessErr != nil:
		return accessErr
	case !permitted:
		cbauth.SendUnauthorized(w)
		return nil
	}

	payload, fetchErr := performBucketRequest(bucket, "http://"+host+"/")
	if fetchErr != nil {
		return fetchErr
	}

	// The write result is not checked; a failed write is not reported.
	w.Write(payload)
	return nil
}
Beispiel #3
// getRealUserIdFromRequest resolves the request's credentials through cbauth
// and returns them as a RealUserId built from the credential source and name.
//
// If the credentials cannot be resolved, the error is logged and a
// placeholder identity ("internal", "unknown") is returned so that the audit
// log still gets an entry.
// NOTE(review): audit consumers presumably should not read the "internal"
// source on that placeholder as evidence of a trusted caller; confirm.
func getRealUserIdFromRequest(request *http.Request) *RealUserId {
	creds, err := cbauth.AuthWebCreds(request)
	if err == nil {
		return &RealUserId{creds.Source(), creds.Name()}
	}

	log.Printf("Error getting real user id from http request. err=%v\n", err)
	// Record an unknown user in the audit log rather than dropping the event.
	return &RealUserId{"internal", "unknown"}
}
Beispiel #4
// CheckAPIAuth reports whether req may access path under the manager's
// configured "authType" option.
//
//   - authType "" (also a nil mgr or nil options): no check is performed and
//     the request is allowed.
//   - authType "cbauth": the credentials are resolved through cbauth and
//     every permission returned by preparePerms must be granted.
//   - any other authType: the request is denied and nothing is written to w,
//     so the caller has to produce the response.
//
// On a cbauth or permission-preparation error a 403 with the error text is
// written. On a missing permission cbauth.SendForbidden is used.
//
// NOTE(review): the empty-authType case fails open, so a missing or
// mis-loaded option disables authorization for every caller of this
// function. Confirm deployments always set it where auth is required.
func CheckAPIAuth(mgr *cbgt.Manager,
	w http.ResponseWriter, req *http.Request, path string) (allowed bool) {
	var mode string
	if mgr != nil {
		if opts := mgr.Options(); opts != nil {
			mode = opts["authType"]
		}
	}

	switch mode {
	case "":
		return true
	case "cbauth":
		// Handled below.
	default:
		return false
	}

	creds, err := cbauth.AuthWebCreds(req)
	if err != nil {
		msg := fmt.Sprintf("rest_auth: cbauth.AuthWebCreds,"+
			" err: %v ", err)
		http.Error(w, msg, http.StatusForbidden)
		return false
	}

	perms, err := preparePerms(mgr, req, req.Method, path)
	if err != nil {
		msg := fmt.Sprintf("rest_auth: preparePerm,"+
			" err: %v ", err)
		http.Error(w, msg, http.StatusForbidden)
		return false
	}

	// Every required permission must be granted; the first failure ends the
	// check. An empty perms list allows any caller that cbauth could resolve.
	for _, perm := range perms {
		granted, permErr := creds.IsAllowed(perm)
		if permErr != nil {
			msg := fmt.Sprintf("rest_auth: cbauth.IsAllowed,"+
				" err: %v ", permErr)
			http.Error(w, msg, http.StatusForbidden)
			return false
		}
		if !granted {
			cbauth.SendForbidden(w, perm)
			return false
		}
	}

	return true
}
Beispiel #5
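// checkAuth reports whether the request should be treated as coming from an
// admin, based on the package-level authType setting.
//
// With authType "cbauth" the credentials are resolved through cbauth and
// must belong to an admin. A cbauth error is answered with 403 and a
// non-admin with the cbauth unauthorized response; both return false.
// With any other authType, including "", the function returns true without
// inspecting the request.
//
// NOTE(review): the non-cbauth branches fail open, so an unset or mistyped
// authType grants admin to every request. Confirm that this is intended and
// that callers enforce auth some other way in those modes.
func checkAuth(w http.ResponseWriter, req *http.Request) (admin bool) {
	switch {
	case authType == "cbauth":
		creds, err := cbauth.AuthWebCreds(req)
		if err != nil {
			http.Error(w, fmt.Sprintf("auth err: %v ", err), http.StatusForbidden)
			return false
		}

		isAdmin, err := creds.IsAdmin()
		if err != nil {
			// Fail closed: whatever value accompanied the error is
			// discarded instead of being passed back to the caller.
			http.Error(w, fmt.Sprintf("auth err: %v ", err), http.StatusForbidden)
			return false
		}
		if !isAdmin {
			cbauth.SendUnauthorized(w)
			return false
		}
		return true
	case authType == "":
		return true
	}
	return true
}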