func (uis *UIServer) getSpawnedHosts(w http.ResponseWriter, r *http.Request) {
user := MustHaveUser(r)
hosts, err := host.Find(host.ByUserWithRunningStatus(user.Username()))
if err != nil {
uis.LoggedError(w, r, http.StatusInternalServerError,
fmt.Errorf("Error finding running hosts for user %v: %v", user.Username(), err))
return
}
uis.WriteJSON(w, http.StatusOK, hosts)
}
// UserMiddleware is middleware which checks for session tokens on the Request
// and looks up and attaches a user for that token if one is found.
func UserMiddleware(um auth.UserManager) func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
return func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
token := ""
var err error
// Grab token auth from cookies
for _, cookie := range r.Cookies() {
if cookie.Name == evergreen.AuthTokenCookie {
if token, err = url.QueryUnescape(cookie.Value); err == nil {
break
}
}
}
// Grab API auth details from header
var authDataAPIKey, authDataName string
if len(r.Header["Api-Key"]) > 0 {
authDataAPIKey = r.Header["Api-Key"][0]
}
if len(r.Header["Auth-Username"]) > 0 {
authDataName = r.Header["Auth-Username"][0]
}
if len(token) > 0 {
user, err := um.GetUserByToken(token)
if err != nil {
evergreen.Logger.Logf(slogger.INFO, "Error getting user: %v", err)
} else {
// Get the user's full details from the DB or create them if they don't exists
dbUser, err := model.GetOrCreateUser(user.Username(), user.DisplayName(), user.Email())
if err != nil {
evergreen.Logger.Logf(slogger.INFO, "Error looking up user %v: %v", user.Username(), err)
} else {
context.Set(r, myUserKey, dbUser)
}
}
} else if len(authDataAPIKey) > 0 {
dbUser, err := user.FindOne(user.ById(authDataName))
if dbUser != nil && err == nil {
if dbUser.APIKey != authDataAPIKey {
http.Error(rw, "Unauthorized - invalid API key", http.StatusUnauthorized)
return
}
context.Set(r, myUserKey, dbUser)
} else {
evergreen.Logger.Logf(slogger.ERROR, "Error getting user: %v", err)
}
}
next(rw, r)
}
}
