Example #1
0
// Authenticate a websocket before servicing it.
func AuthWebSocketHandler(h websocket.Handler) http.HandlerFunc {
	hndler := func(w http.ResponseWriter, r *http.Request) {
		if auth.TLSserver != nil && auth.Enabled {
			clive, err := r.Cookie("clive")
			if err != nil {
				cmd.Warn("wax/auth: no cookie: %s", err)
				http.Error(w, "auth failed", 403)
				return
			}
			toks := strings.SplitN(string(clive.Value), ":", 2)
			if len(toks) < 2 {
				cmd.Warn("wax/auth: wrong cookie")
				http.Error(w, "auth failed", 403)
				return
			}
			ch, resp := toks[0], toks[1]
			u, ok := auth.ChallengeResponseOk("wax", ch, resp)
			if !ok {
				cmd.Warn("wax/auth: failed for %s", u)
				http.Error(w, "auth failed", 403)
				return
			}
		}
		s := websocket.Server{Handler: h, Handshake: checkOrigin}
		s.ServeHTTP(w, r)
	}
	return hndler
}
Example #2
0
// Authenticate before calling the handler.
// When TLS is disabled, or there's no key file, auth is considered ok.
func AuthHandler(fn http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if auth.TLSserver == nil || !auth.Enabled {
			fn(w, r)
			return
		}
		clive, err := r.Cookie("clive")
		if err != nil {
			cmd.Warn("wax/auth: no cookie: %s", err)
			authFailed(w, r)
			return
		}
		toks := strings.SplitN(string(clive.Value), ":", 2)
		if len(toks) < 2 {
			cmd.Warn("wax/auth: wrong cookie")
			authFailed(w, r)
			return
		}
		ch, resp := toks[0], toks[1]
		u, ok := auth.ChallengeResponseOk("wax", ch, resp)
		if !ok {
			cmd.Warn("wax/auth: failed for %s", u)
			authFailed(w, r)
			return
		}
		// TODO: We should decorate r adding the user id to
		// the url as a query, so fn can inspect the query and
		// know which user did auth.
		fn(w, r)
	}
}
Example #3
0
/*
	Authenticate the wax server. To be called early within the
	handler function for wax pages. It returns false if auth failed
	and the handler should return without handling anything.
	When TLS is disabled, or there's no key file, auth is considered ok.
*/
func Auth(w http.ResponseWriter, r *http.Request) bool {
	if auth.TLSserver == nil || !auth.Enabled {
		return true
	}
	clive, err := r.Cookie("clive")
	if err != nil {
		dbg.Warn("wax/auth: no cookie: %s", err)
		failed(w)
		return false
	}
	toks := strings.SplitN(string(clive.Value), ":", 2)
	if len(toks) < 2 {
		dbg.Warn("wax/auth: wrong cookie")
		failed(w)
		return false
	}
	ch, resp := toks[0], toks[1]
	u, ok := auth.ChallengeResponseOk("wax", ch, resp)
	if !ok {
		dbg.Warn("wax/auth: failed for %s", u)
		failed(w)
		return false
	}
	return ok
}