// CheckRequest checks that the given http request contains at least one
// valid macaroon minted by the given service, using checker to check
// any first party caveats. It returns an error with a
// *bakery.VerificationError cause if the macaroon verification failed.
//
// The assert map holds any required attributes of "declared" attributes,
// overriding any inferences made from the macaroons themselves.
// It has a similar effect to adding a checkers.DeclaredCaveat
// for each key and value, but the error message will be more
// useful.
//
// It adds all the standard caveat checkers to the given checker.
//
// It returns any attributes declared in the successfully validated request.
func CheckRequest(svc *bakery.Service, req *http.Request, assert map[string]string, checker checkers.Checker) (map[string]string, error) {
mss := RequestMacaroons(req)
if len(mss) == 0 {
return nil, &bakery.VerificationError{
Reason: errgo.Newf("no macaroon cookies in request"),
}
}
checker = checkers.New(
checker,
Checkers(req),
checkers.TimeBefore,
)
attrs, err := svc.CheckAny(mss, assert, checker)
if err != nil {
return nil, errgo.Mask(err, isVerificationError)
}
return attrs, nil
}
