func (v *APIKeyValidator) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
if _, found := v.validKeys[r.FormValue(v.paramName)]; !found {
return nil, vertex.UnauthorizedError("missing or invalid api key '%s'", r.FormValue(v.paramName))
}
return next(w, r)
}
// ForceSecure validates that a request is sent over SSL regardless of the global API config
func (f ForceSecure) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
if !r.Secure {
if !r.IsLocal() || !f.AllowLocalInsecure {
return nil, vertex.UnauthorizedError("Insecure Access Forbidden")
}
}
return next(w, r)
}
// Handle checks the current requests IP against the allowed and blocked IP ranges in the filter
func (f *IPRangeFilter) Handle(w http.ResponseWriter, r *vertex.Request, next vertex.HandlerFunc) (interface{}, error) {
ip := net.ParseIP(r.RemoteIP)
if f.denied != nil {
for _, ipnet := range f.denied {
if ipnet.Contains(ip) {
return nil, vertex.UnauthorizedError("IP Address %s blocked", r.RemoteIP)
}
}
}
for _, ipnet := range f.allowed {
if ipnet.Contains(ip) {
logging.Info("IP Address %s allowed", r.RemoteIP)
return next(w, r)
}
}
return nil, vertex.UnauthorizedError("IP Address %s not allowed", r.RemoteIP)
}
func (o *OAuthMiddleware) LoginHandler() vertex.Route {
handler := func(w http.ResponseWriter, r *vertex.Request) (interface{}, error) {
code := r.FormValue("code")
logging.Info("Got code: %s", code)
tok, err := o.conf.Exchange(oauth2.NoContext, code)
if err != nil {
return nil, vertex.UnauthorizedError("Could not log you in: %s", err)
}
user, err := o.userValidator.Login(tok)
if err != nil {
return nil, vertex.UnauthorizedError("Could not validate user for login: %s", err)
}
enc, err := o.userValidator.EncodeToken(user)
if err != nil {
return nil, vertex.UnauthorizedError("Could not validate encode user token: %s", err)
}
o.setCookie(w, enc, r.Host)
if cook, err := r.Cookie(nextUrl); err == nil && cook != nil && cook.Value != "" {
logging.Info("Found nextUrl from before auth denied. Redirecting to %s", cook.Value)
http.Redirect(w, r.Request, cook.Value, http.StatusTemporaryRedirect)
return nil, vertex.Hijacked
}
return "Success Logging In", nil
}
return vertex.Route{
Path: loginPath,
Description: "OAuth Login",
Handler: vertex.HandlerFunc(handler),
Methods: vertex.GET,
}
}
func APIKeyValidator(r *vertex.Request) error {
if r.FormValue("apiKey") != config.APIKey {
return vertex.UnauthorizedError("Inalid API key")
}
return nil
}