package main
import (
	"log"
	"net/http"
	"strings"

	"github.com/N4SJAMK/teamboard-api/models"
	"github.com/N4SJAMK/teamboard-api/utils"
	"github.com/zenazn/goji/web"
	"gopkg.in/mgo.v2"
	"gopkg.in/mgo.v2/bson"
)
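// authenticate wraps h so that it only runs for requests carrying a valid
// bearer token.
//
// The wrapper expects an "Authorization: Bearer <token>" header, looks the
// token up in the "tokens" collection by its "secret" field, loads the user
// the token refers to from the "users" collection, and stores that user's ID
// in c.Env under the "user" key before calling h.
//
// A malformed header, an empty token, an unknown token or an unknown user is
// answered through utils.Error with 401. Any other failure is answered with
// 500; the underlying error is logged server-side and is not sent to the
// caller.
func authenticate(c *web.C, h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A checked assertion turns a missing or mistyped "db" entry into a
		// 500 instead of a panic inside the handler.
		db, ok := c.Env["db"].(*mgo.Database)
		if !ok {
			log.Print("authenticate: no *mgo.Database under the 'db' key of the request context")
			utils.Error(w, http.StatusText(http.StatusInternalServerError),
				http.StatusInternalServerError)
			return
		}

		// Validate that the authorization header is correctly formatted.
		// "Bearer " followed by nothing splits into two fields with an empty
		// second one, so the empty token is rejected here rather than being
		// used as a query value.
		auth := strings.Split(r.Header.Get("authorization"), " ")
		if len(auth) != 2 || auth[0] != "Bearer" || auth[1] == "" {
			utils.Error(w, "Authorization: Bearer <Token>",
				http.StatusUnauthorized)
			return
		}

		// Find the token.
		// NOTE(review): the presented value is matched directly against the
		// stored "secret" field, which suggests tokens are kept unhashed, and
		// nothing visible here checks expiry or revocation — confirm against
		// models.Token.
		var token models.Token
		err := db.C("tokens").Find(bson.M{"secret": auth[1]}).One(&token)
		switch {
		case err == mgo.ErrNotFound:
			utils.Error(w, err.Error(), http.StatusUnauthorized)
			return
		case err != nil:
			// Driver errors can describe the deployment; this request is not
			// authenticated yet, so keep the detail in the server log.
			log.Printf("authenticate: token lookup failed: %v", err)
			utils.Error(w, http.StatusText(http.StatusInternalServerError),
				http.StatusInternalServerError)
			return
		}

		// Find the user corresponding to the token and attach its 'ID'
		// attribute to the request's context under the 'user' key.
		var user models.User
		err = db.C("users").FindId(token.UserID).One(&user)
		switch {
		case err == mgo.ErrNotFound:
			utils.Error(w, err.Error(), http.StatusUnauthorized)
			return
		case err != nil:
			log.Printf("authenticate: user lookup failed: %v", err)
			utils.Error(w, http.StatusText(http.StatusInternalServerError),
				http.StatusInternalServerError)
			return
		}

		c.Env["user"] = user.ID
		h.ServeHTTP(w, r)
	})
}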