// ServeHTTP as per the negroni.Handler interface
func (m *MixedAuthMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
// HTTPS redirection
err := util.NewSecure(m.service.GetConfig().IsDevelopment).Process(w, r)
if err != nil {
return
}
account, user, err := getMixedCredentialsFromRequest(r, m.service)
if err != nil {
// For security reasons, return a generic error message
response.UnauthorizedError(w, ErrAccountOrUserAuthenticationRequired.Error())
return
}
if account != nil {
context.Set(r, AuthenticatedAccountKey, account)
}
if user != nil {
context.Set(r, AuthenticatedUserKey, user)
}
next(w, r)
}
// ServeHTTP as per the negroni.Handler interface
func (m *OptionalAuthMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
// HTTPS redirection
err := util.NewSecure(m.service.GetConfig().IsDevelopment).Process(w, r)
if err != nil {
return
}
// Optional user auth
user, err := getUserCredentialsFromRequest(r, m.service)
if err == nil && user != nil {
context.Set(r, AuthenticatedUserKey, user)
context.Set(r, AuthenticatedAccountKey, user.Account)
}
// Optional client auth
account, err := getClientCredentialsFromRequest(r, m.service)
if err == nil && account != nil {
context.Set(r, AuthenticatedAccountKey, account)
}
next(w, r)
}
