コード例 #1
0
//AuthHandler middleware
//This handler handles auth based on the assertion that the request is valid JSON
//Verifies for access, blocks handlers chain if access denied
func AuthHandler(next *ctx.Handler) *ctx.Handler {
	return ctx.NewHandler(next.Context, func(c *ctx.Context, w http.ResponseWriter, r *http.Request) {
		//TODO: This can change for body instead ?
		token := r.Header.Get("Tracking-Token")
		//Bad request token empty or not present
		if token == "" {
			c.Logger.Infof("%s : No token header", utilities.GetIP(r))
			token = r.URL.Query().Get("key")
			if token == "" {
				c.Logger.Infof("%s : No token query parameter", utilities.GetIP(r))
				http.Error(w, http.StatusText(400), 400)
				return
			}
		}

		authorized, err := c.AuthDb.IsTokenAuthorized(token)

		// Internal server error TODO: Handle this
		if err != nil {
			c.Logger.Errorf("%s : Error while authorizing: %s", utilities.GetIP(r), err.Error())
			http.Error(w, http.StatusText(500), 500)
			return
		}
		// Unauthorized
		if !authorized {
			c.Logger.Warnf("%s : Unauthorized: %s", utilities.GetIP(r), token)
			http.Error(w, http.StatusText(401), 401)
			return
		}
		c.Logger.Infof("%s : Authorized", utilities.GetIP(r))
		next.ServeHTTP(w, r)
	})
}
コード例 #2
0
//EnforceJSONHandler middleware
//This handler can handle raw requests
//This handler checks for detected content type as well as content-type header
func EnforceJSONHandler(next *ctx.Handler) *ctx.Handler {
	return ctx.NewHandler(next.Context, func(c *ctx.Context, w http.ResponseWriter, r *http.Request) {
		//Ensure that there is a body
		if r.ContentLength == 0 {
			c.Logger.Infof("%s : Recieved empty payload", utilities.GetIP(r))
			http.Error(w, http.StatusText(400), 400)
			return
		}
		//Ensure that its json
		contentType := r.Header.Get("Content-Type")
		if contentType != "application/json; charset=UTF-8" {
			c.Logger.Infof("%s : Invalid content type. Got %s", utilities.GetIP(r), contentType)
			http.Error(w, http.StatusText(415), 415)
			return
		}
		next.ServeHTTP(w, r)
	})
}