Ejemplo n.º 1
0
func (c Controller) dbErrOrEmpty(w http.ResponseWriter, err error, msg string) bool {
	if c.stg.IsErrNotFound(err) {
		io.Err(w, msg, http.StatusNotFound)
		return true
	}
	return check.DBErr(w, err)
}
Ejemplo n.º 2
0
// Handle add authorization check middleware before handler call.
// It stores auth info in context
func (mw authMW) Handle(method, path string, handler JunoHandler) {
	authHandler := func(ctx context.Context, w http.ResponseWriter, r *http.Request) {
		const basicPrefix string = "Basic "

		// Get the Basic Authentication credentials
		auth := r.Header.Get("Authorization")
		if strings.HasPrefix(auth, basicPrefix) {
			// Check credentials
			payload, err := base64.StdEncoding.DecodeString(auth[len(basicPrefix):])
			if err == nil {
				pair := bytes.SplitN(payload, []byte(":"), 2)
				if len(pair) == 2 {
					// look for user in storage.
					filter := model.Fields{"email": string(pair[0]), "password": string(pair[1])}
					user, err := mw.stg.UserSearch(ctx, filter)

					if mw.stg.IsErrNotFound(err) {
						io.Err(w, io.ERR_FORBIDDEN, http.StatusForbidden)
						return
					}
					if check.DBErr(w, err) {
						return
					}

					// put user to context
					ctx = model.SetCtxUser(ctx, user)

					// Delegate request to the given handle
					handler(ctx, w, r)
					return
				}
			}
		}

		// Request Basic Authentication otherwise
		w.Header().Set("WWW-Authenticate", "Basic realm=\"Private Area\"")
		io.Err(w, io.ERR_UNAUTHORIZED, http.StatusUnauthorized)
	}

	// configure base router with auth handler
	mw.base.Handle(method, path, JunoHandler(authHandler))
}