Esempio n. 1
0
// auth (orize) the user to use the API service.
func auth(
	handler func(*web.Context),
) http.HandlerFunc {

	return func(w http.ResponseWriter, r *http.Request) {
		defer r.Body.Close()
		ctx := web.NewContext(w, r)

		// Retrieve username and password from headers.
		username, password, ok := r.BasicAuth()
		if !ok {
			if 0 == len(username) {
				username = "******"
			}
			log.For("/ROUTER(AUTH)", username).Warning().Print("Unknown user and/or password")
			ctx.Reply().Status(http.StatusUnauthorized).Do()
			return
		}

		// Perform authorization check.
		if id, err := user.Authorize(username, password); nil != err {
			// FAILED
			log.For("/ROUTER(AUTH)", username).Warning().Print("Authentication failed")
			ctx.Reply().Status(http.StatusUnauthorized).With(err.Error()).Do()
		} else {
			// SUCCESS
			ctx.User = username
			ctx.UserID = id
			handler(ctx)
		}
	}
}
Esempio n. 2
0
////////////////////////////////////////////////////////////////////////////////
// TEST PUT
////////////////////////////////////////////////////////////////////////////////
func testPut(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer r.Body.Close()
		ctx := web.NewContext(w, r)
		ctx.User = "******"
		ctx.UserID = "01010101010101010101010101010101"

		Route(ctx)
	}))
	defer srv.Close()

	testPutGood(t, srv)
	testPutBad1(t, srv)
	testPutBad2(t, srv)
}