func authenticationWrapper(fn http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) {
user, pass := util.BasicAuth(req)
// blank auth or first connection attempt
if user == "" || pass == "" {
unauthorizedHandler(w, req)
log.Println("blank authentication")
return
}
// copy our ldap config but change username / password
// this verifies the user's credentials with the server
userLdapConf := conf.Ldap
userLdapConf.Username = user
userLdapConf.Password = pass
// attempt ldap connection using user creds
_, err := util.ConfigureLdapClient(userLdapConf)
if err != nil {
log.Println(err.Error())
unauthorizedHandler(w, req)
return
}
// user not in allowed users
if _, ok := allowedUsers[user]; !ok {
log.Println("user " + user + " is not an allowed user")
// reload allowed users
users, err := util.GetAllowedUsers(conf.Ldap, conf.AllowedGroups)
if err != nil {
log.Fatalf("error: %s", err.Error())
}
allowedUsers = users
unauthorizedHandler(w, req)
return
}
w.Header().Set("X-Authenticated-Username", user)
log.Printf("successfully authenticated as %s\n", user)
fn(w, req)
}
}
func main() {
flag.Parse()
if flag.NArg() != 1 {
log.Fatal("Missing configuration path.")
}
// load the local configuration file
fd, err := ioutil.ReadFile(flag.Arg(0))
if err != nil {
log.Fatal(err.Error())
}
// configuration object
err = yaml.Unmarshal(fd, &conf)
if err != nil {
log.Fatalf("error: %s", err.Error())
}
sess = session.New(&aws.Config{Region: aws.String(conf.S3.Region)})
// s3
s3Client = s3.New(sess)
// check for logs bucket existence
_, err = s3Client.HeadBucket(&s3.HeadBucketInput{
Bucket: aws.String(conf.S3.BucketName),
})
if err != nil {
log.Fatalf("error: %s", err.Error())
}
// bucketlister
lister := bucketlister.NewBucketLister(
conf.S3.BucketName,
"",
sess.Config,
)
// initial allowed users
users, err := util.GetAllowedUsers(conf.Ldap, conf.AllowedGroups)
if err != nil {
log.Fatalf("error: %s", err.Error())
}
allowedUsers = users
log.Printf("allowed users: %v", allowedUsers)
// gorilla mux
router := mux.NewRouter()
router.HandleFunc("/", uploadHandler).Methods("POST")
router.HandleFunc("/", authenticationWrapper(lister.ServeHTTP)).Methods("GET")
router.HandleFunc("/{dir}/", authenticationWrapper(lister.ServeHTTP)).Methods("GET")
router.HandleFunc("/{dir}/{file}", authenticationWrapper(downloadFileHandler)).Methods("GET")
// negroni
neg := negroni.Classic()
// handlers
neg.UseHandler(router)
neg.Run(":8080")
}
