Exemple #1
0
// NewBasicAuthHandler handles basic HTTP auth against the provided user resource
func NewBasicAuthHandler(users *resource.Resource) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if u, p, ok := r.BasicAuth(); ok {
				// Lookup the user by its id
				ctx := r.Context()
				user, err := users.Get(ctx, u)
				if user != nil && err == resource.ErrUnauthorized {
					// Ignore unauthorized errors set by ourselves
					err = nil
				}
				if err != nil {
					// If user resource storage handler returned an error, respond with an error
					if err == resource.ErrNotFound {
						http.Error(w, "Invalid credential", http.StatusForbidden)
					} else {
						http.Error(w, err.Error(), http.StatusInternalServerError)
					}
					return
				}
				if schema.VerifyPassword(user.Payload["password"], []byte(p)) {
					// Store the auth user into the context for later use
					r = r.WithContext(NewContextWithUser(ctx, user))
					next.ServeHTTP(w, r)
					return
				}
			}
			// Stop the middleware chain and return a 401 HTTP error
			w.Header().Set("WWW-Authenticate", `Basic realm="API"`)
			http.Error(w, "Please provide proper credentials", http.StatusUnauthorized)
		})
	}
}
Exemple #2
0
func (m myAuthMiddleware) Handle(ctx context.Context, r *http.Request, next rest.Next) (context.Context, int, http.Header, interface{}) {
	if u, p, ok := r.BasicAuth(); ok {
		// Lookup the user by its id
		lookup := resource.NewLookupWithQuery(schema.Query{
			schema.Equal{Field: "id", Value: u},
		})
		list, err := m.userResource.Find(ctx, lookup, 1, 1)
		if err != nil {
			// If user resource storage handler returned an error, stop the middleware chain
			return ctx, 0, nil, err
		}
		if len(list.Items) == 1 {
			user := list.Items[0]
			if schema.VerifyPassword(user.Payload["password"], []byte(p)) {
				// Get the current route from the context
				route, ok := rest.RouteFromContext(ctx)
				if ok {
					// If the current resource is "users", set the resource field to "id"
					// as user resource doesn't reference itself thru a "user" field.
					field := "user"
					if route.ResourcePath.Path() == "users" {
						field = "id"
					}
					// Prepent the resource path with the user resource
					route.ResourcePath.Prepend(m.userResource, field, u)
					// Go the the next middleware
					return next(ctx)
				}
			}
		}
	}
	// Stop the middleware chain and return a 401 HTTP error
	headers := http.Header{}
	headers.Set("WWW-Authenticate", "Basic realm=\"API\"")
	return ctx, 401, headers, &rest.Error{401, "Please provide proper credentials", nil}
}
Exemple #3
0
				},
			},
		},
	}
)

func SetAuthUserResource(us *resource.Resource) {
	field, _ := AuthSchema["access"]
	field.HookParams[0].Param = us
}

var CheckAccess = func(value interface{}, params []interface{}) interface{} {
	users, users_ok := params[0].(*resource.Resource)
	username, u_ok := params[1].(string)
	password, p_ok := params[2].(string)

	if users_ok && u_ok && p_ok {
		l := resource.NewLookup()
		l.AddQuery(schema.Query{schema.Equal{Field: "username", Value: username}})
		list, err := users.Find(context.Background(), l, 1, 1)
		if err == nil && len(list.Items) == 1 {
			user := list.Items[0]
			if schema.VerifyPassword(user.Payload["password"], []byte(password)) {
				return true
			}
		}
	}

	return false
}