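// SameUserFilter lets the request continue down the chain only when the
// access token carried in the request cookie belongs to the user named by
// the userIdParam path parameter, or when that token holds
// am.SuperUserPermission. When filtering is disabled (l.toFilter() is false)
// every request passes through untouched.
//
// A missing token, a token that IsItTheSameUser rejects, or a caller that is
// neither the named user nor a super user is answered through l.setError and
// the chain is NOT continued.
//
// NOTE(review): every failure is reported as http.StatusMethodNotAllowed; the
// conventional codes would be 401 (no/invalid token) and 403 (not permitted).
// The status is kept unchanged here so existing clients are not broken.
func (l LibsecurityRestful) SameUserFilter(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	if !l.toFilter() {
		chain.ProcessFilter(req, resp)
		return
	}
	name := req.PathParameter(userIdParam)
	logger.Trace.Println("SameUserFilter: user name:", name)

	tokenStr := l.getCookieAccessTokenValue(req)
	if tokenStr == "" {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("You need to authenticate first"))
		return
	}
	// The same address is handed to every token check below; resolve it once.
	ip := getIPAddress(req)

	isUserMatch, err := app.IsItTheSameUser(tokenStr, name, ip, l.verifyKey)
	if err != nil {
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return
	}

	// A failed privilege lookup must never grant access: any error is treated
	// as "not a super user" (logged for diagnosis) and the decision falls back
	// to the same-user check alone.
	isPrivilegeOk, privErr := app.IsPrivilegeOk(tokenStr, am.SuperUserPermission, ip, l.verifyKey)
	if privErr != nil {
		logger.Trace.Println("SameUserFilter: privilege check failed:", privErr)
		isPrivilegeOk = false
	}
	if isPrivilegeOk || isUserMatch {
		chain.ProcessFilter(req, resp)
		return
	}

	// Neither the same user nor a super user. The token was already accepted by
	// IsItTheSameUser, but do not rely on that when building the message: if it
	// cannot be parsed now, refuse without the caller's name instead of reading
	// a field of a token that failed to parse.
	tokenData, parseErr := app.ParseToken(tokenStr, ip, l.verifyKey)
	if parseErr != nil {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("User is not permited to do the operation, only the same user or root can execute it"))
		return
	}
	l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("User '%v' is not permited to do the operation, only the same user or root can execute it", tokenData.UserName))
}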
// VerifyToken is a filter that stops any request lacking a parsable access
// token. The token is read from the request cookie and handed to
// app.ParseToken together with the address returned by getIPAddress(req) and
// l.verifyKey. On success the filter chain continues; otherwise the failure is
// reported through l.setError and processing ends here.
func (l LibsecurityRestful) VerifyToken(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	token := l.getCookieAccessTokenValue(req)
	if len(token) == 0 {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("You need to authenticate first"))
		return
	}
	// Only the validity of the token matters here; its contents are unused.
	if _, err := app.ParseToken(token, getIPAddress(req), l.verifyKey); err != nil {
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return
	}
	chain.ProcessFilter(req, resp)
}