// Unauthorized checks for and handles cases where authentication can occur via
// share blobs.
func (h *getHandler) Unauthorized(w http.ResponseWriter, req *http.Request) {
defer func() {
if r := recover(); r != nil {
w.Header().Set(ActionStatus, ActionFailed)
fmt.Println("blob post failed: ", r)
}
}()
shareRef := req.FormValue("via")
if shareRef == "" {
auth.SendUnauthorized(w)
return
}
b, err := h.bs.Db.Get(shareRef)
if err != nil {
auth.SendUnauthorized(w)
return
}
share := &blob.Share{}
err = blob.Unmarshal(b, share)
util.Check(err)
ref := path.Base(req.URL.Path)
b, err = h.bs.Db.Get(ref)
util.Check(err)
if !share.AuthorizedGet(b) {
auth.SendUnauthorized(w)
return
}
w.Header().Set(ActionStatus, ActionSuccess)
w.Write(b.Content())
fmt.Println("successful retrieval")
}
func (h *indexHandler) Unauthorized(w http.ResponseWriter, req *http.Request) {
auth.SendUnauthorized(w)
}