func (h *CBAuthBasicLogin) ServeHTTP(
w http.ResponseWriter, req *http.Request) {
authType := ""
if h.mgr != nil && h.mgr.Options() != nil {
authType = h.mgr.Options()["authType"]
}
if authType == "cbauth" {
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
http.Error(w, fmt.Sprintf("rest_auth: cbauth.AuthWebCreds,"+
" err: %v ", err), 403)
return
}
if creds.Source() == "anonymous" {
// force basic auth login by sending 401
cbauth.SendUnauthorized(w)
return
}
}
// redirect to /
http.Redirect(w, req, "/", http.StatusMovedPermanently)
}
func doServeHostBucket(w http.ResponseWriter, req *http.Request) (err error) {
log.Printf("Serving: %s %s", req.Method, req.RequestURI)
if req.Method != "GET" {
http.NotFound(w, req)
return
}
host, bucket := recogniseHostBucket(req)
if bucket == "" || host == "" {
http.NotFound(w, req)
return
}
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
return
}
log.Printf("User name: `%s'", creds.Name())
canAccess, err := creds.CanAccessBucket(bucket)
if err != nil {
return
}
if !canAccess {
cbauth.SendUnauthorized(w)
return
}
payload, err := performBucketRequest(bucket, "http://"+host+"/")
if err != nil {
return
}
w.Write(payload)
return
}
func getRealUserIdFromRequest(request *http.Request) *RealUserId {
creds, err := cbauth.AuthWebCreds(request)
if err != nil {
log.Printf("Error getting real user id from http request."+
" err=%v\n", err)
// put unknown user in the audit log.
return &RealUserId{"internal", "unknown"}
}
return &RealUserId{creds.Source(), creds.Name()}
}
func CheckAPIAuth(mgr *cbgt.Manager,
w http.ResponseWriter, req *http.Request, path string) (allowed bool) {
authType := ""
if mgr != nil && mgr.Options() != nil {
authType = mgr.Options()["authType"]
}
if authType == "" {
return true
}
if authType != "cbauth" {
return false
}
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
http.Error(w, fmt.Sprintf("rest_auth: cbauth.AuthWebCreds,"+
" err: %v ", err), 403)
return false
}
perms, err := preparePerms(mgr, req, req.Method, path)
if err != nil {
http.Error(w, fmt.Sprintf("rest_auth: preparePerm,"+
" err: %v ", err), 403)
return false
}
for _, perm := range perms {
allowed, err = creds.IsAllowed(perm)
if err != nil {
http.Error(w, fmt.Sprintf("rest_auth: cbauth.IsAllowed,"+
" err: %v ", err), 403)
return false
}
if !allowed {
cbauth.SendForbidden(w, perm)
return false
}
}
return true
}
func checkAuth(w http.ResponseWriter, req *http.Request) (admin bool) {
switch {
case authType == "cbauth":
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
http.Error(w, fmt.Sprintf("auth err: %v ", err), 403)
return
}
admin, err = creds.IsAdmin()
if err != nil {
http.Error(w, fmt.Sprintf("auth err: %v ", err), 403)
return
}
if !admin {
cbauth.SendUnauthorized(w)
return
}
return
case authType == "":
return true
}
return true
}