func newMacaroonStore() *macaroonStore {
key, err := bakery.GenerateKey()
if err != nil {
panic(err)
}
locator := httpbakery.NewThirdPartyLocator(nil, nil)
locator.AllowInsecure()
return &macaroonStore{
store: bakery.NewMemStorage(),
key: key,
locator: locator,
}
}
func authHandler(h http.Handler) http.Handler {
key, _ := bakery.GenerateKey() // TODO check error!
b := bakery.New(bakery.BakeryParams{
Key: key,
})
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
ops := opsForRequest(req)
_, err := b.Checker.Auth().Allow(req.Context(), ops...)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
h.ServeHTTP(w, req)
})
}
func authHandler(h http.Handler, authorizer bakery.Authorizer, identity bakery.IdentityClient) http.Handler {
key, _ := bakery.GenerateKey() // TODO check error!
b := bakery.New(bakery.BakeryParams{
Key: key,
Authorizer: authorizer,
Identity: identity,
})
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
ops := opsForRequest(req)
macaroons := httpbakery.RequestMacaroons(req)
_, err := b.Checker.Auth(macaroons...).Allow(req.Context(), ops...)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
h.ServeHTTP(w, req)
})
}