func doServeHostBucket(w http.ResponseWriter, req *http.Request) (err error) {
log.Printf("Serving: %s %s", req.Method, req.RequestURI)
if req.Method != "GET" {
http.NotFound(w, req)
return
}
host, bucket := recogniseHostBucket(req)
if bucket == "" || host == "" {
http.NotFound(w, req)
return
}
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
return
}
log.Printf("User name: `%s'", creds.Name())
canAccess, err := creds.CanAccessBucket(bucket)
if err != nil {
return
}
if !canAccess {
cbauth.SendUnauthorized(w)
return
}
payload, err := performBucketRequest(bucket, "http://"+host+"/")
if err != nil {
return
}
w.Write(payload)
return
}
func (h *CBAuthBasicLogin) ServeHTTP(
w http.ResponseWriter, req *http.Request) {
authType := ""
if h.mgr != nil && h.mgr.Options() != nil {
authType = h.mgr.Options()["authType"]
}
if authType == "cbauth" {
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
http.Error(w, fmt.Sprintf("rest_auth: cbauth.AuthWebCreds,"+
" err: %v ", err), 403)
return
}
if creds.Source() == "anonymous" {
// force basic auth login by sending 401
cbauth.SendUnauthorized(w)
return
}
}
// redirect to /
http.Redirect(w, req, "/", http.StatusMovedPermanently)
}
func checkAuth(w http.ResponseWriter, req *http.Request) (admin bool) {
switch {
case authType == "cbauth":
creds, err := cbauth.AuthWebCreds(req)
if err != nil {
http.Error(w, fmt.Sprintf("auth err: %v ", err), 403)
return
}
admin, err = creds.IsAdmin()
if err != nil {
http.Error(w, fmt.Sprintf("auth err: %v ", err), 403)
return
}
if !admin {
cbauth.SendUnauthorized(w)
return
}
return
case authType == "":
return true
}
return true
}