// authUser resolves the caller of r to a configured user.
//
// Resolution order: a POST to /api/user is mapped to the "admin" user
// without any credential check; otherwise a non-empty token in the
// SESSION_HEADER_NAME header is resolved to a user name through
// GlobalSession; otherwise HTTP Basic credentials are verified against
// confProvider. A non-nil error is returned when no credentials are
// present, when a lookup fails, or when the password does not match.
//
// NOTE(review): the /api/user POST branch runs before every credential
// check and hands back the "admin" account, so any request that reaches
// that route is attributed to admin — confirm the handler behind it
// enforces its own authorization.
// NOTE(review): on the Basic-auth path an unknown user surfaces whatever
// error confProvider reports, while a wrong password surfaces a distinct
// message naming the user; the two are distinguishable by the caller.
// Consider returning one generic error and keeping the detail in server
// logs.
func authUser(confProvider config.Provider, r *http.Request) (*config.User, error) {
	// User creation is intentionally unauthenticated and acts as admin.
	if r.URL.Path == "/api/user" && r.Method == "POST" {
		return confProvider.GetUserByUserName("admin")
	}

	// A session token, when present, takes precedence over Basic credentials.
	if token := r.Header.Get(SESSION_HEADER_NAME); token != "" {
		sessionUser, err := GlobalSession.Get(token)
		if err != nil {
			return nil, err
		}
		return confProvider.GetUser(sessionUser)
	}

	// Fall back to HTTP Basic authentication.
	userName, password, provided := r.BasicAuth()
	if !provided {
		return nil, fmt.Errorf("Auth not provided")
	}

	found, err := confProvider.GetUserByUserName(userName)
	if err != nil {
		return nil, err
	}

	// How CheckUserPassword compares the secret is not visible here;
	// presumably a hash comparison — verify in the config package.
	if config.CheckUserPassword(found, password) {
		return found, nil
	}
	return nil, fmt.Errorf("The provided password is incorrect for user %s", userName)
}