// CheckRequest checks that the given http request contains at least one // valid macaroon minted by the given service, using checker to check // any first party caveats. It returns an error with a // *bakery.VerificationError cause if the macaroon verification failed. // // The assert map holds any required attributes of "declared" attributes, // overriding any inferences made from the macaroons themselves. // It has a similar effect to adding a checkers.DeclaredCaveat // for each key and value, but the error message will be more // useful. // // It adds all the standard caveat checkers to the given checker. // // It returns any attributes declared in the successfully validated request. func CheckRequest(svc *bakery.Service, req *http.Request, assert map[string]string, checker checkers.Checker) (map[string]string, error) { mss := RequestMacaroons(req) if len(mss) == 0 { return nil, &bakery.VerificationError{ Reason: errgo.Newf("no macaroon cookies in request"), } } checker = checkers.New( checker, Checkers(req), checkers.TimeBefore, ) attrs, err := svc.CheckAny(mss, assert, checker) if err != nil { return nil, errgo.Mask(err, isVerificationError) } return attrs, nil }