func (h *Handler) Delete(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
id, ok := mux.Vars(req)["id"]
if !ok {
http.Error(rw, "No id given.", http.StatusBadRequest)
return
}
h.m.IsAuthorized(permission(id), "delete", middleware.Env(req).Owner(id))(hydcon.ContextHandlerFunc(
func(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
if err := h.s.Delete(id); err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
rw.WriteHeader(http.StatusAccepted)
}),
).ServeHTTPContext(ctx, rw, req)
}
func (h *Handler) Find(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
subject, ok := mux.Vars(req)["subject"]
if !ok {
http.Error(rw, "No id given.", http.StatusBadRequest)
return
}
h.m.IsAuthorized(connectionsPermission, "get", middleware.Env(req).Owner(subject))(hydcon.ContextHandlerFunc(
func(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
conns, err := h.s.FindAllByLocalSubject(subject)
if err != nil {
http.Error(rw, err.Error(), http.StatusNotFound)
return
}
WriteJSON(rw, conns)
},
)).ServeHTTPContext(ctx, rw, req)
}
func (h *Handler) Get(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
id, ok := mux.Vars(req)["id"]
if !ok {
http.Error(rw, "No id given.", http.StatusBadRequest)
return
}
conn, err := h.s.Get(id)
if err != nil {
http.Error(rw, err.Error(), http.StatusNotFound)
return
}
h.m.IsAuthorized(permission(id), "get", middleware.Env(req).Owner(conn.GetLocalSubject()))(hydcon.ContextHandlerFunc(
func(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
WriteJSON(rw, conn)
},
)).ServeHTTPContext(ctx, rw, req)
}
func (h *Handler) Get(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
id, ok := mux.Vars(req)["id"]
if !ok {
http.Error(rw, "No id given.", http.StatusBadRequest)
return
}
h.m.IsAuthorized(permission(id), "get", middleware.Env(req).Owner(id))(hydcon.ContextHandlerFunc(
func(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
user, err := h.s.Get(id)
if err == ErrNotFound {
http.Error(rw, err.Error(), http.StatusNotFound)
return
} else if err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
WriteJSON(rw, user)
}),
).ServeHTTPContext(ctx, rw, req)
}
func (h *Handler) authenticate(w http.ResponseWriter, r *http.Request, email, password string) (account.Account, error) {
acc, err := h.Accounts.Authenticate(email, password)
if err != nil {
http.Error(w, "Could not authenticate.", http.StatusUnauthorized)
return nil, err
}
policies, err := h.Policies.FindPoliciesForSubject(acc.GetID())
if err != nil {
http.Error(w, fmt.Sprintf("Could not fetch policies: %s", err.Error()), http.StatusInternalServerError)
return nil, err
}
if granted, err := h.Guard.IsGranted("/oauth2/authorize", "authorize", acc.GetID(), policies, middleware.Env(r).Ctx()); !granted {
err = errors.Errorf(`Subject "%s" is not allowed to authorize.`, acc.GetID())
http.Error(w, err.Error(), http.StatusUnauthorized)
return nil, err
} else if err != nil {
http.Error(w, fmt.Sprintf(`Authorization failed for Subject "%s": %s`, acc.GetID(), err.Error()), http.StatusInternalServerError)
return nil, err
}
return acc, nil
}