// match policy path to the a request url path
// policy path can be full path and can have wildcard `*`
func (pol *policy) IsMatch(policyPath, requestPath string, reqMethod string) bool {
// determine request method of policy path
method := "get"
if services.StringStartsWith(strings.ToLower(policyPath), "post") {
method = "post"
}
// ensure policy path request method matches the actual request method
if method != strings.ToLower(reqMethod) {
services.Println("matches not ", method, reqMethod)
return false
}
// reassign policy path to the second substr of policyPath passesed in
// if it contains a request method declaration
policyPathSplit := services.StringSplitBySpace(policyPath)
if len(policyPathSplit) > 1 {
policyPath = policyPathSplit[1]
}
// change any wildcard to proper regex repeating operator `.*`
policyPath = strings.Replace(policyPath, "*", ".*", -1)
// check if policy path matches request path
matched, err := regexp.MatchString(policyPath, requestPath)
if err != nil {
panic(err)
}
return matched
}
// ensures authorizaion header is a `Bearer` scheme
func MustBeBearer(res http.ResponseWriter, arc services.AuxRequestContext, log *config.CustomLog) {
authorization := strings.ToLower(arc.Header.Get("Authorization"))
if !services.StringStartsWith(authorization, "bearer") {
services.Res(res).Error(401, "invalid_request", "authorization scheme must be Bearer")
}
}