Beispiel #1
0
func ReadConfigs() error {

	if err := autoflag.Load(gofigure.DefaultLoader, &Config); err != nil {
		logging.Error("Error loading configs: %v", err)
		return err
	}
	logging.Info("Read configs: %#v", &Config)

	for k, m := range Config.APIConfigs {

		if conf, found := Config.apiconfs[k]; found && conf != nil {

			b, err := yaml.Marshal(m)
			if err == nil {

				if err := yaml.Unmarshal(b, conf); err != nil {
					logging.Error("Error reading config for API %s: %s", k, err)
				} else {
					logging.Debug("Unmarshaled API config for %s: %#v", k, conf)
				}

			} else {

				logging.Error("Error marshalling config for API %s: %s", k, err)

			}
		} else {
			logging.Warning("API Section %s in config file not registered with server", k)
		}

	}

	return nil

}
Beispiel #2
0
func (a *API) middlewareHandler(chain *step, security SecurityScheme, renderer Renderer) func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {

	// allow overriding the API's default renderer with a per-route one
	if renderer == nil {
		renderer = a.Renderer
	}

	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {

		req := NewRequest(r)

		if !a.AllowInsecure && !req.Secure {
			// local requests bypass security
			if req.RemoteIP != "127.0.0.1" {
				http.Error(w, insecureAccessMessage, http.StatusForbidden)
				return
			}
		}

		r.ParseForm()
		// Copy values from the router params to the request params
		for _, v := range p {
			r.Form.Set(v.Key, v.Value)
		}

		var ret interface{}
		var err error

		if security != nil {
			if err = security.Validate(req); err != nil {
				logging.Warning("Error validating security scheme: %s", err)

				if e, ok := err.(*internalError); ok {
					e.Code = ErrUnauthorized
					err = e
				}
			}
		}
		if err == nil {
			ret, err = chain.handle(w, req)
		}

		if err != Hijacked {

			if err = renderer.Render(ret, err, w, req); err != nil {
				logging.Error("Error rendering response: %s", err)
			}
		} else {
			logging.Debug("Not rendering hijacked request %s", r.RequestURI)
		}

	}

}
Beispiel #3
0
// parse the locale based on Accept-Language header. If no header found or the values are invalid,
// we fall back to en-US
func (r *Request) parseLocale() {

	tags, _, err := language.ParseAcceptLanguage(r.Header.Get("Accept-Language"))
	if err != nil {
		logging.Warning("Could not parse accept lang header: %s", err)
		return
	}

	if len(tags) > 0 {
		logging.Debug("Locale for request: %s", tags[0])
		r.Locale = tags[0].String()
	}
}
Beispiel #4
0
func (b *ConnectionLimiter) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {

	num := atomic.AddInt32(&b.running, 1)
	defer atomic.AddInt32(&b.running, -1)
	if num > b.max {

		logging.Warning("Connection limit exceeded: %d/%d", num, b.max)
		return nil, vertex.ResourceUnavailableError("Connection Limit Exceeded")
	}

	return next(w, r)

}
Beispiel #5
0
func (b BasicAuth) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {

	if !r.IsLocal() || !b.BypassForLocal {
		user, pass, ok := r.BasicAuth()
		if !ok {
			logging.Debug("No auth header, denying")
			b.requireAuth(w)
			return nil, vertex.Hijacked
		}

		if user != b.User || pass != b.Password {
			logging.Warning("Unmatching auth: %s/%s", user, pass)
			b.requireAuth(w)
			return nil, vertex.Hijacked
		}
	}

	return next(w, r)
}