Exemplo n.º 1
// checkReferer returns an unauthorized error unless the Referer header of the
// HTTP request carried by c names this application's own appspot.com host
// (<app-id>.appspot.com). Every referer is accepted on the dev app server.
//
// The Referer header is set by the client, so this check only filters
// browser-originated cross-site calls; it does not authenticate the caller.
func checkReferer(c context.Context) error {
	// Local development: no referer restriction.
	if appengine.IsDevAppServer() {
		return nil
	}

	referer := endpoints.HTTPRequest(c).Referer()
	parsed, parseErr := url.Parse(referer)
	switch {
	case parseErr != nil:
		return endpoints.NewUnauthorizedError("couldn't extract domain from referer")
	case parsed.Host != appengine.AppID(c)+".appspot.com":
		// Exact host comparison: an empty referer parses to an empty Host
		// and is rejected here as well.
		return endpoints.NewUnauthorizedError("referer unauthorized")
	}
	return nil
}
Exemplo n.º 2
// checkReferer reports an unauthorized error when the Referer header of the
// HTTP request in c does not belong to the application's appspot domain,
// for example:
//   my-project-id.appspot.com
//
// Any referer is accepted when running locally on the dev app server.
// Rejected referers are written to the request log with %q, so control
// characters in the header are escaped rather than logged raw.
//
// The Referer header is chosen by the client, so this is a filter against
// cross-site browser calls, not a way to authenticate the caller.
func checkReferer(c endpoints.Context) error {
	if appengine.IsDevAppServer() {
		return nil
	}

	referer := c.HTTPRequest().Referer()
	parsed, err := url.Parse(referer)
	if err != nil {
		c.Infof("malformed referer detected: %q", referer)
		return endpoints.NewUnauthorizedError("couldn't extract domain from referer")
	}

	// Exact host match; a missing referer yields an empty Host and fails.
	if allowed := appengine.AppID(c) + ".appspot.com"; parsed.Host == allowed {
		return nil
	}

	c.Infof("unauthorized referer detected: %q", referer)
	return endpoints.NewUnauthorizedError("referer unauthorized")
}
Exemplo n.º 3
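// Add stores ch in the datastore under a "Channel" key named after its
// YouTubeID and returns it.
//
// The caller must be identified by endpoints.CurrentUser and have an address
// in the gmail.com domain, otherwise an unauthorized error is returned. A nil
// channel, or one without a Name or YouTubeID, is rejected as a bad request.
//
// On success the channel is returned together with a non-nil API error that
// carries http.StatusCreated; presumably this is how the handler reports a
// 201 status to the endpoints framework (confirm against the framework).
func (ChannelsAPI) Add(c endpoints.Context, ch *Channel) (*Channel, error) {
	u, err := endpoints.CurrentUser(c, scopes, nil, clients)
	if err != nil {
		c.Errorf("auth: %v", err)
		return nil, endpoints.NewUnauthorizedError("authorization required")
	}

	// Match the whole domain, "@" included. A bare "gmail.com" suffix would
	// also accept addresses at any other domain whose name merely ends in
	// those characters.
	if !strings.HasSuffix(u.Email, "@gmail.com") {
		return nil, endpoints.NewUnauthorizedError("authorization refused")
	}

	// Guard against a nil payload before reading its fields.
	if ch == nil || ch.Name == "" || ch.YouTubeID == "" {
		return nil, endpoints.NewBadRequestError("empty channel")
	}

	// The key name is the client-supplied YouTubeID, so a Put with an ID that
	// already exists replaces the stored channel.
	k := datastore.NewKey(c, "Channel", ch.YouTubeID, 0, nil)
	_, err = datastore.Put(c, k, ch)
	if err != nil {
		// NOTE(review): the datastore error text is embedded in the returned
		// API error; if that message reaches the client, log it with c.Errorf
		// and return a generic message instead.
		return nil, endpoints.NewInternalServerError("save channel: %v", err)
	}

	return ch, endpoints.NewAPIError("created", "created", http.StatusCreated)
}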