// Authorization represent a middleware handler for a http router.
// For POST or PUT requests, it also parses the request body as a form. The
// claims of a token will be appended to the requests Form map. So you
// can access the token in any http/routing library.
func (a *AuthManager) Authorization(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token, err := jwt.ParseFromRequest(r, a.keyFunc)
var inBL bool
if token != nil {
inBL = a.Blacklist.Has(token.Raw)
}
if token != nil && err == nil && token.Valid && !inBL {
if err := appendTokenToForm(r, token, a.PostFormVarPrefix); err != nil {
a.HTTPErrorHandler(
log.Error("userjwt.AuthManager.Authenticate.appendTokenToForm", "err", err, "r", r, "token", token),
).ServeHTTP(w, r)
} else {
next.ServeHTTP(w, r)
}
} else {
if log.IsInfo() {
log.Info("userjwt.AuthManager.Authenticate", "err", err, "token", token, "blacklist", inBL)
}
a.HTTPErrorHandler(err).ServeHTTP(w, r) // is that really thread safe or other bug?
}
})
}
func TestNull(t *testing.T) {
log.SetNull()
log.SetLevel(-1000)
if log.IsTrace() {
t.Error("There should be no trace")
}
if log.IsDebug() {
t.Error("There should be no debug")
}
if log.IsInfo() {
t.Error("There should be no info")
}
if log.IsWarn() {
t.Error("There should be no warn")
}
var args []interface{}
args = append(args, "key1", 1, "key2", 3.14152)
log.Trace("Hello World", args...)
log.Debug("Hello World", args...)
log.Info("Hello World", args...)
log.Warn("Hello World", args...)
log.Error("Hello World", args...)
log.Log(1, "Hello World", args)
}
func TestNull(t *testing.T) {
log.SetLevel(-1000)
if !log.IsDebug() {
t.Error("There should be debug logging")
}
if !log.IsInfo() {
t.Error("There should be info logging")
}
var args []interface{}
args = append(args, "key1", 1, "key2", 3.14152)
log.Debug("Hello World", args...)
log.Info("Hello World", args...)
}
// SupportXHTTPMethodOverride adds support for the X-HTTP-Method-Override
// header. Submitted value will be checked against known methods. Adding
// HTTPMethodOverrideFormKey to any form will take precedence before
// HTTP header. If an unknown method will be submitted it gets logged as an
// Info log.
func SupportXHTTPMethodOverride() Adapter {
return func(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
mo := r.FormValue(HTTPMethodOverrideFormKey)
if mo == "" {
mo = r.Header.Get(HTTPMethodOverrideHeader)
}
switch mo {
case "": // do nothing
case HTTPMethodHead, HTTPMethodGet, HTTPMethodPost, HTTPMethodPut, HTTPMethodPatch, HTTPMethodDelete, HTTPMethodTrace, HTTPMethodOptions:
r.Method = mo
default:
// not sure if an error is here really needed ...
if log.IsInfo() {
log.Info("net.SupportXHTTPMethodOverride.switch", "err", "Unknown http method", "method", mo, "form", r.Form.Encode(), "header", r.Header)
}
}
h.ServeHTTP(w, r)
})
}
}
// WithXHTTPMethodOverride adds support for the X-HTTP-Method-Override
// header. Submitted value will be checked against known methods. Adding
// HTTPMethodOverrideFormKey to any form will take precedence before
// HTTP header. If an unknown method will be submitted it gets logged as an
// Info log. This function is chainable.
func WithXHTTPMethodOverride() Middleware {
return func(h Handler) Handler {
return HandlerFunc(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
mo := r.FormValue(httputils.MethodOverrideFormKey)
if mo == "" {
mo = r.Header.Get(httputils.MethodOverrideHeader)
}
switch mo {
case "": // do nothing
case httputils.MethodHead, httputils.MethodGet, httputils.MethodPost, httputils.MethodPut, httputils.MethodPatch, httputils.MethodDelete, httputils.MethodTrace, httputils.MethodOptions:
r.Method = mo
default:
// not sure if an error is here really needed ...
if log.IsInfo() {
log.Info("ctxhttp.SupportXHTTPMethodOverride.switch", "err", "Unknown http method", "method", mo, "form", r.Form.Encode(), "header", r.Header)
}
}
return h.ServeHTTPContext(ctx, w, r)
})
}
}