// Handle is the middleware entry point for APIKeyValidator. It reads the form
// value named by v.paramName and passes the request on to next only when that
// value is present as a key in v.validKeys; otherwise it returns an
// unauthorized error and next is never called.
func (v *APIKeyValidator) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
	key := r.FormValue(v.paramName)

	if _, ok := v.validKeys[key]; ok {
		return next(w, r)
	}

	// NOTE(review): the rejected value is echoed into the error text. If these
	// errors are written to logs, mistyped-but-nearly-valid keys end up there
	// too; consider dropping the value from the message.
	return nil, vertex.UnauthorizedError("missing or invalid api key '%s'", key)
}
// ForceSecure rejects requests that were not sent over SSL, regardless of the
// global API config. The single exception is a local request while
// AllowLocalInsecure is set; every other insecure request gets an
// unauthorized error and never reaches next.
func (f ForceSecure) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
	if r.Secure {
		return next(w, r)
	}

	// NOTE(review): how r.Secure and r.IsLocal() are derived is not visible
	// here. If either depends on client-supplied headers, confirm that only a
	// trusted proxy can set them.
	if r.IsLocal() && f.AllowLocalInsecure {
		return next(w, r)
	}

	return nil, vertex.UnauthorizedError("Insecure Access Forbidden")
}
// getToken reads the cookie named tokenKey from the request and passes its
// value to o.userValidator.DecodeToken. It returns the decoded user on
// success, the decoder's error when decoding fails, and a generic error when
// the cookie cannot be read.
func (o *OAuthMiddleware) getToken(r *vertex.Request) (interface{}, error) {
	cookie, cookieErr := r.Cookie(tokenKey)
	if cookieErr != nil {
		// The missing-cookie path returns an empty string, not nil, next to
		// the error; callers must test the error rather than the value.
		return "", errors.New("Could not get cookie")
	}

	user, decodeErr := o.userValidator.DecodeToken(cookie.Value)
	if decodeErr != nil {
		return nil, decodeErr
	}
	return user, nil
}
// Handle is the middleware entry point for OAuthMiddleware. Requests whose
// path ends in loginPath are passed straight to next. For all others the
// token cookie is decoded via getToken: on failure the client is redirected
// and vertex.Hijacked is returned; on success the decoded user is stored on
// the request under AttrUser before next is called.
func (o *OAuthMiddleware) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
	// NOTE(review): this is a suffix match, so every route whose path ends in
	// loginPath skips authentication, not only the login route itself.
	// Confirm no protected route can end with that string, or compare against
	// the exact login path instead.
	if !strings.HasSuffix(r.URL.Path, loginPath) {
		user, err := o.getToken(r)
		if err != nil {
			// The token error itself is discarded; the caller only sees the
			// redirect written by o.redirect.
			o.redirect(w, r)
			return nil, vertex.Hijacked
		}

		logging.Info("Request authenticated. Continuing!")
		r.SetAttribute(AttrUser, user)
	}

	return next(w, r)
}
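// Handle enforces HTTP basic authentication. A local request is let through
// without credentials when b.BypassForLocal is set. Every other request must
// carry a basic-auth header whose user and password equal b.User and
// b.Password; otherwise b.requireAuth writes the challenge and
// vertex.Hijacked is returned so next is never called.
func (b BasicAuth) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
	if r.IsLocal() && b.BypassForLocal {
		return next(w, r)
	}

	user, pass, ok := r.BasicAuth()
	if !ok {
		logging.Debug("No auth header, denying")
		b.requireAuth(w)
		return nil, vertex.Hijacked
	}

	// NOTE(review): these are ordinary string comparisons, not constant-time
	// ones. crypto/subtle.ConstantTimeCompare is the usual choice for
	// credentials, but it needs an import that is outside this block.
	if user != b.User || pass != b.Password {
		// The submitted password is deliberately not logged: a mistyped
		// password is usually close to the real one, and log files are read
		// by more people than hold the credential. %q keeps control
		// characters in the client-supplied user name from forging log lines.
		logging.Warning("Unmatching auth for user %q", user)
		b.requireAuth(w)
		return nil, vertex.Hijacked
	}

	return next(w, r)
}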
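// APIKeyValidator compares the request's "apiKey" form value with
// config.APIKey. It returns nil when they match and an unauthorized error
// otherwise, including when no API key is configured at all.
func APIKeyValidator(r *vertex.Request) error {
	// Fail closed on an empty configured key: a request that omits the
	// parameter presumably yields "" from FormValue, which would otherwise
	// equal an unset config.APIKey and authorize every caller.
	if config.APIKey == "" || r.FormValue("apiKey") != config.APIKey {
		return vertex.UnauthorizedError("Invalid API key")
	}
	return nil
}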