Example #1
3
func CheckSession(h http.HandlerFunc) http.HandlerFunc {
	// Handler to check for session cookie
	// if session key is valid last seen time is updated and response returned
	// else returns 403
	session := func(w http.ResponseWriter, r *http.Request) {
		u := UserSession{}

		cookie, err := r.Cookie("SessionId")
		if err != nil {
			log.Printf("INFO: session cookie not found: %s", err)
			w.WriteHeader(403)
			return
		}

		err = u.checkSession(cookie.Value)
		if err != nil {
			log.Printf("ERROR: no matching session id: %s", err)
			w.WriteHeader(403)
			return
		}
		u.LastSeenTime = time.Now()
		u.updateSession(u.SessionKey)
		h.ServeHTTP(w, r)
	}

	return session
}
Example #2
0
func wrapHandlerFunc1(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
		start := time.Now()
		h.ServeHTTP(w, req)
		logger.Printf("%s %s   |  Took %s", req.Method, req.URL.Path, time.Since(start))
	}
}
Example #3
0
func logger(inner http.HandlerFunc, name string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		inner.ServeHTTP(w, r)
		NewLogItem(r, start).Log()
	})
}
Example #4
0
// cors is an HTTP handler for managing cross-origin resource sharing.
// Ref: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
func cors(f http.HandlerFunc, methods ...string) http.HandlerFunc {
	ms := strings.Join(methods, ", ") + ", OPTIONS"
	md := make(map[string]struct{})
	for _, method := range methods {
		md[method] = struct{}{}
	}
	return func(w http.ResponseWriter, r *http.Request) {
		origin := "*"
		if len(r.Header.Get("Origin")) > 0 {
			origin = r.Header.Get("Origin")
		}
		w.Header().Set("Access-Control-Allow-Origin", origin)
		w.Header().Set("Access-Control-Allow-Methods", ms)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
		if r.Method == "OPTIONS" {
			w.WriteHeader(http.StatusOK)
			return
		}
		if _, exists := md[r.Method]; exists {
			f.ServeHTTP(w, r)
			return
		}
		w.Header().Set("Allow", ms)
		http.Error(w,
			http.StatusText(http.StatusMethodNotAllowed),
			http.StatusMethodNotAllowed)
	}
}
Example #5
0
func wrapOnce(handler http.HandlerFunc, app *App) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Printf("Last client accepted, closing the listener.")
		app.server.Close()
		handler.ServeHTTP(w, r)
	})
}
Example #6
0
func (lr *layerReader) Handler(r *http.Request) (h http.Handler, err error) {
	var handlerFunc http.HandlerFunc

	redirectURL, err := lr.fileReader.driver.URLFor(lr.ctx, lr.path, map[string]interface{}{"method": r.Method})

	switch err {
	case nil:
		handlerFunc = func(w http.ResponseWriter, r *http.Request) {
			// Redirect to storage URL.
			http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
		}
	case driver.ErrUnsupportedMethod:
		handlerFunc = func(w http.ResponseWriter, r *http.Request) {
			// Fallback to serving the content directly.
			http.ServeContent(w, r, lr.digest.String(), lr.CreatedAt(), lr)
		}
	default:
		// Some unexpected error.
		return nil, err
	}

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Docker-Content-Digest", lr.digest.String())
		handlerFunc.ServeHTTP(w, r)
	}), nil
}
Example #7
0
// rateLimit uses redis to enforce rate limits per route. This middleware should
// only be used on routes that contain binIds or other unique identifiers,
// otherwise the rate limit will be globally applied, instead of scoped to a
// particular bin.
func (gb *geobinServer) rateLimit(h http.HandlerFunc, requestsPerSec int) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		url := r.URL.Path
		ts := time.Now().Unix()
		key := fmt.Sprintf("rate-limit:%s:%d", url, ts)

		exists, err := gb.Exists(key)
		if err != nil {
			log.Println(err)
		}

		if exists {
			res, err := gb.RedisClient.Get(key)
			if err != nil {
				http.Error(w, "API Error", http.StatusServiceUnavailable)
				return
			}

			reqCount, _ := strconv.Atoi(res)
			if reqCount >= requestsPerSec {
				http.Error(w, "Rate limit exceeded. Wait a moment and try again.", http.StatusInternalServerError)
				return
			}
		}

		gb.Incr(key)
		gb.Expire(key, 5*time.Second)

		h.ServeHTTP(w, r)
	}
}
Example #8
0
// httpHandlerToMiddleware creates a middleware from a http.HandlerFunc.
// The middleware calls the ServerHTTP method exposed by the http handler and then calls the next
// middleware in the chain.
func httpHandlerToMiddleware(m http.HandlerFunc) Middleware {
	return func(h Handler) Handler {
		return func(ctx context.Context, rw http.ResponseWriter, req *http.Request) error {
			m.ServeHTTP(rw, req)
			return h(ctx, rw, req)
		}
	}
}
Example #9
0
// httpHandlerToMiddleware creates a middleware from a http.HandlerFunc.
// The middleware calls the ServerHTTP method exposed by the http handler and then calls the next
// middleware in the chain.
func httpHandlerToMiddleware(m http.HandlerFunc) Middleware {
	return func(h Handler) Handler {
		return func(ctx *Context) error {
			m.ServeHTTP(ctx, ctx.Request())
			return h(ctx)
		}
	}
}
Example #10
0
func LogHttpRequest(h http.HandlerFunc) http.HandlerFunc {

	return func(w http.ResponseWriter, r *http.Request) {
		log.Info(r.RemoteAddr, " ", r.Method, " ", r.RequestURI, " ", r.Header.Get("Authorization"))
		h.ServeHTTP(w, r)

	}
}
Example #11
0
func ConnectWebHook(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		params := mux.Vars(r)
		token := r.FormValue("token")
		data, err := Model.Get(params["app_key"])
		if err != nil {
			http.Error(w, err.Error(), 404)
			return
		}

		// no fill in connect_hook
		hook_url := data.ConnectHook
		if hook_url == "" {
			h.ServeHTTP(w, r)
			return
		}

		//fill in connect_hook bug url parse error
		u, err := url.Parse(hook_url)
		if err != nil {
			log.Warn(r.RemoteAddr, " ", params["app_key"], " ", err.Error())
			http.Error(w, "hook url error", 404)
			return
		}

		//hook  url requset
		v := url.Values{}
		v.Add("token", token)
		req, err := http.NewRequest("POST", u.String(), bytes.NewBufferString(v.Encode()))
		if err != nil {
			log.Warn(r.RemoteAddr, " ", err.Error())
			http.Error(w, err.Error(), 404)
			return
		}
		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
		req.Header.Add("Content-Length", strconv.Itoa(len(v.Encode())))
		resp, err := ReqWorker.Execute(req)
		if err != nil {
			log.Warn("Hook Error")
			http.Error(w, err.Error(), 404)
			return
		}
		b, err := ioutil.ReadAll(resp.Body)
		resp.Body.Close()
		if err != nil {
			log.Warn(err)
			http.Error(w, err.Error(), 404)
			return
		}
		ret := string(b)
		if ret != params["user_tag"] {
			log.Warn("Error user_tag " + params["user_tag"] + ", response user_tag " + ret)
			http.Error(w, "Error user_tag "+params["user_tag"]+", response user_tag "+ret, 404)
			return
		}
		h.ServeHTTP(w, r)
	}
}
Example #12
0
func (s *HTTPServer) Handle(method, route string, handler http.HandlerFunc) {
	f := func(w http.ResponseWriter, r *http.Request) {
		if r.Method != method {
			http.NotFound(w, r)
			return
		}
		handler.ServeHTTP(w, r)
	}
	s.router.HandleFunc(route, f)
}
Example #13
0
// wrapHTTPHandlerFuncMW wraps http.HandlerFunc middleware.
func wrapHTTPHandlerFuncMW(m http.HandlerFunc) MiddlewareFunc {
	return func(h HandlerFunc) HandlerFunc {
		return func(c *Context) error {
			if !c.response.committed {
				m.ServeHTTP(c.response.writer, c.request)
			}
			return h(c)
		}
	}
}
Example #14
0
func loggingHandler(next http.HandlerFunc) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		log.Printf("Started %s %s", r.Method, r.URL.Path)
		next.ServeHTTP(w, r)
		log.Printf("Completed %s in %v", r.URL.Path, time.Since(start))
	}

	return http.HandlerFunc(fn)
}
Example #15
0
func AppKeyVerity(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		params := mux.Vars(r)
		if !Model.IsExist(params["app_key"]) {
			log.Warn(r.RemoteAddr, " ", params["app_key"]+" app_key does not exist")
			http.Error(w, "app_key does not exist", 404)
			return
		}
		h.ServeHTTP(w, r)
	}
}
Example #16
0
File: auth.go Project: akkgr/gestia
/* wrap a HandlerFunc to be authenticated */
func (t *TokenAuth) HandleFunc(handlerFunc http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
		token, err := t.Authenticate(req)
		if err != nil {
			t.UnauthorizedHandler.ServeHTTP(w, req)
			return
		}
		context.Set(req, "token", token)
		handlerFunc.ServeHTTP(w, req)
	}
}
Example #17
0
// wrapHTTPHandlerFuncMW wraps http.HandlerFunc middleware.
func wrapHTTPHandlerFuncMW(m http.HandlerFunc) MiddlewareFunc {
	return func(h HandlerFunc) HandlerFunc {
		return func(c *Context) {
			if !c.Response.Committed() {
				m.ServeHTTP(c.Response, c.Request)
			}

			h(c)
		}
	}
}
Example #18
0
File: qr.go Project: amrhassan/rsc
func carp(f http.HandlerFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		defer func() {
			if err := recover(); err != nil {
				w.Header().Set("Content-Type", "text/plain")
				fmt.Fprintf(w, "<pre>\npanic: %s\n\n%s\n", err, debug.Stack())
			}
		}()
		f.ServeHTTP(w, req)
	})
}
Example #19
0
File: brog.go Project: uiri/brog
func (b *Brog) logHandlerFunc(h http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {

		b.Ok("request by %s for '%s' as '%s'",
			req.RemoteAddr, req.RequestURI, req.UserAgent())

		now := time.Now()
		h.ServeHTTP(w, req)
		b.Ok("Done in %s", time.Since(now))
	})
}
Example #20
0
File: api.go Project: tsuru/diaats
func handler(fn http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if config.Username != "" && config.Password != "" {
			if username, password, ok := r.BasicAuth(); !ok || username != config.Username || password != config.Password {
				w.Header().Add("WWW-Authenticate", `Basic realm="diaats"`)
				w.WriteHeader(http.StatusUnauthorized)
				return
			}
		}
		fn.ServeHTTP(w, r)
	})
}
Example #21
0
func async(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusAccepted)
		fmt.Fprint(w, http.StatusAccepted)

		go func() {
			log.Print("Starting async...")
			h.ServeHTTP(httptest.NewRecorder(), r)
			log.Print("Finishing async.")
		}()
	}
}
Example #22
0
// Wrap a http.Handler to support transparent gzip encoding.
func gzHandler(h http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
			h.ServeHTTP(w, r)
			return
		}
		w.Header().Set("Content-Encoding", "gzip")
		gz := gzip.NewWriter(w)
		defer gz.Close()
		h.ServeHTTP(&gzipResponseWriter{Writer: gz, ResponseWriter: w}, r)
	})
}
Example #23
0
// For all static files. (CSS, JS, IMG, etc...)
func static(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if false == checkControlPanelPassword(w, r) {
			return
		}
		if strings.ContainsRune(r.URL.Path, '.') {
			mux.ServeHTTP(w, r)
			return
		}
		h.ServeHTTP(w, r)
	}
}
Example #24
0
// Auth provides the ability to control authorization for the individual handlers.
//
// Example.
//    g, _ := gelada.New(options)
//    mux := http.NewServeMux()
//    mux.HandleFunc("/api/", g.Auth(apiHandler)) // auth control only for this handler
//    mux.HandleFunc("/main", mainHandler)
//
//    http.Handle("/", mux)
func (g *Gelada) Auth(f http.HandlerFunc) http.HandlerFunc {
	return func(res http.ResponseWriter, req *http.Request) {
		if req.URL.Path == g.options.LoginRoute || g.noAuthExeption(req) {
			f.ServeHTTP(res, req)
			return
		}

		if g.checkAuth(res, req) {
			f.ServeHTTP(res, req)
		}
	}
}
Example #25
0
func SingleHost(handler http.HandlerFunc, allowedHost string) http.HandlerFunc {
	// Simple middleware function to limit requests to only allowed hosts
	ourFunc := func(w http.ResponseWriter, r *http.Request) {
		host := r.Host
		if host == allowedHost {
			handler.ServeHTTP(w, r)
		} else {
			w.WriteHeader(403)
		}
	}
	return http.HandlerFunc(ourFunc)
}
Example #26
0
//Used to wrap a view and check for auth
func checkAuth(fn http.HandlerFunc, a auth) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, err := getUser(r)
		if err != nil {
			log.Printf("error getting a User %s", err)
			http.Redirect(w, r, os.Getenv("GITHUB_CALLBACK_URL")+"/auth/github/login", http.StatusMovedPermanently)

			return
		}
		fn.ServeHTTP(w, r)
	})
}
Example #27
0
func BasicAuth(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("WWW-Authenicate", `Basic realm="Restricted`)
		s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
		if len(s) != 2 {
			log.Warn(r.RemoteAddr, "auth Error")
			http.Error(w, "Not authorized", 401)
			return
		}

		b, err := base64.StdEncoding.DecodeString(s[1])
		if err != nil {
			http.Error(w, err.Error(), 401)
			return
		}
		pair := strings.SplitN(string(b), ":", 2)
		if len(pair) != 2 {
			log.Warn(r.RemoteAddr, " auth param empty")
			http.Error(w, "Not authorized", 401)
			return
		}

		params := mux.Vars(r)
		var account string
		var password string

		//super admin 可通過任何api
		if pair[0] == GlobalConf.AuthAccount && bcrypt.CompareHashAndPassword([]byte(GlobalConf.AuthPassword), []byte(pair[0]+pair[1])) == nil {
			h.ServeHTTP(w, r)
			return
		}

		if params["app_key"] != "" {
			data, err := Model.Get(params["app_key"])
			if err != nil {
				log.Warn(r.RemoteAddr, " ", err.Error())
				http.Error(w, err.Error(), 401)
				return
			}
			account = data.AuthAccount
			password = data.AuthPassword
		}

		if pair[0] != account || bcrypt.CompareHashAndPassword([]byte(password), []byte(pair[0]+pair[1])) != nil {
			log.Warn(r.RemoteAddr, " auth error "+pair[0]+" "+pair[1])
			http.Error(w, "Not authorized", 401)
			return
		}
		h.ServeHTTP(w, r)

	}
}
Example #28
0
File: brog.go Project: uiri/brog
func (b *Brog) langHandlerFunc(h http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		if b.Config.Multilingual {
			_, validLang := b.extractLanguage(req)
			b.setLangCookie(req, rw)
			if !validLang {
				b.langSelectFunc(rw, req)
				return
			}
		}
		h.ServeHTTP(rw, req)
	})
}
// loggedInHandler returns a handler that calls the given handler when the client uses a certificate to authenticate.
// Otherwise it sends a Ecca-login page
func (ecca *Authentication) LoggedInHandler(handler http.HandlerFunc, templateParams ...interface{}) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		// Require to be logged in.
		ecca.debug("Ecca: Checking if user is logged in")
		if len(req.TLS.PeerCertificates) == 0 {
			ecca.debug("Ecca: User does not have a (correct) certificate, sending login page\n")
			ecca.SendToLoginPage(w, templateParams...)
			return
		}
		// User is logged in. Run the application handler.
		ecca.debug("Ecca: User has certificate. CN is: %v\n", req.TLS.PeerCertificates[0].Subject.CommonName)
		handler.ServeHTTP(w, req)
	})
}
Example #30
0
func httpHandlerToHandlerShadowd(next http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
		shodowdres, err := shadowServer.SendToShadowd(req)
		newmap := make(map[string]interface{})
		err = json.Unmarshal([]byte(shodowdres), &newmap)
		if err != nil {
			panic(err)
		}
		res.Header().Set("X-Ngtech-Proxy", "Shadower")
		switch int(newmap["status"].(float64)) {
		case shadowd.STATUS_OK:
			fmt.Println("Request reported, OK")
		case shadowd.STATUS_BAD_REQUEST:
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(400)
			res.Write([]byte(internalerrorpage))
			return
		case shadowd.STATUS_BAD_SIGNATURE:
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(500)
			res.Write([]byte(internalerrorpage))
			return
		case shadowd.STATUS_BAD_JSON:
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(500)
			res.Write([]byte(internalerrorpage))
			return
		case shadowd.STATUS_ATTACK:
			fmt.Println("This is an attack, needs to take action!")
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(500)
			res.Write([]byte(internalerrorpage))
			return
		case shadowd.STATUS_CRITICAL_ATTACK:
			fmt.Println("This is a critical attack, needs to take action!")
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(500)
			res.Write([]byte(internalerrorpage))
			return
		default:
			fmt.Println("Something werid happen, response code => ", int(newmap["status"].(float64)))
			res.Header().Set("Content-Type", "text/html")
			res.WriteHeader(500)
			res.Write([]byte(internalerrorpage))
			return
		}
		next.ServeHTTP(res, req)
		return
	})
}