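// Get handles the HTTP GET login request. It reads the "user" and "pass" query
// parameters, looks the user up through the configured provider, checks the
// password with config.CheckUserPassword and, on success, stores the user name
// in GlobalSession and writes {"token": "<token>"} as JSON.
//
// Every credential failure (lookup error, missing user, wrong password) gets
// the same 400 response, so the reply does not show whether a user name
// exists. The provider's error text is logged and never sent to the client.
//
// NOTE(review): the credentials travel in the URL query string, which is
// commonly recorded in access logs, proxy logs and browser history. Accepting
// them in a request body or an Authorization header needs a client change and
// is therefore left as a follow-up.
func (c *AuthUser) Get(req *Request) {
	// Parse the query string once and read both credentials from it.
	query := req.r.URL.Query()
	user := query.Get("user")
	pass := query.Get("pass")

	// Fetch the user from the db.
	var u *config.User
	var err error
	c.pipeline.ViewConfig(func(ac *config.AppConfig) {
		u, err = ac.Provider().GetUserByUserName(user)
	})
	if err != nil {
		// Log the cause server-side; the client only sees the generic message.
		logrus.Error(err)
		http.Error(req.w, "invalid credentials", http.StatusBadRequest)
		return
	}

	// A provider that returns (nil, nil) must not reach u.UserName below, and
	// a wrong password must look the same to the client as an unknown user.
	if u == nil || !config.CheckUserPassword(u, pass) {
		http.Error(req.w, "invalid credentials", http.StatusBadRequest)
		return
	}

	token := GlobalSession.Put(u.UserName)

	// Encode the response as JSON.
	buff, err := json.Marshal(map[string]string{"token": token})
	if err != nil {
		logrus.Error(err)
		http.Error(req.w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	req.w.Header().Set("Content-Type", "application/json")
	if _, err := req.w.Write(buff); err != nil {
		// The status line is already sent, so the failure can only be logged.
		logrus.Error(err)
	}
}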
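// authUser resolves the user a request is made on behalf of. It tries, in
// this order:
//
//  1. POST /api/user (user creation) is accepted without any credentials and
//     resolved to the "admin" user.
//  2. A non-empty SESSION_HEADER_NAME header is looked up in GlobalSession and
//     the stored value is passed to confProvider.GetUser.
//  3. HTTP Basic credentials are checked with config.CheckUserPassword.
//
// It returns the resolved user, or an error when no rule matches or a lookup
// or password check fails.
//
// NOTE(review): rule 1 gives every unauthenticated client the "admin" identity
// for user creation. If it exists only for first-run bootstrap, it should be
// limited to the case where no user exists yet, or require authentication
// like every other route. Confirm against the create-user handler.
//
// NOTE(review): the login handler stores u.UserName in the session, but the
// lookup here goes through GetUser rather than GetUserByUserName. Confirm that
// GetUser accepts the value the session stores.
func authUser(confProvider config.Provider, r *http.Request) (*config.User, error) {
	// Create user doesn't require auth.
	if r.Method == "POST" && r.URL.Path == "/api/user" {
		return confProvider.GetUserByUserName("admin")
	}

	// A session token, when present, takes precedence over Basic credentials.
	if session := r.Header.Get(SESSION_HEADER_NAME); session != "" {
		userName, err := GlobalSession.Get(session)
		if err != nil {
			return nil, err
		}
		return confProvider.GetUser(userName)
	}

	user, password, ok := r.BasicAuth()
	if !ok {
		return nil, fmt.Errorf("auth not provided")
	}

	// NOTE(review): if the provider reports an unknown user through err, a
	// caller that forwards this error can still tell unknown users from wrong
	// passwords. Confirm how callers surface it.
	u, err := confProvider.GetUserByUserName(user)
	if err != nil {
		return nil, err
	}

	// One generic error for both a missing user and a wrong password. The
	// client-supplied user name is not echoed into the message, and a
	// (nil, nil) result from the provider cannot come back as a nil user with
	// a nil error.
	if u == nil || !config.CheckUserPassword(u, password) {
		return nil, fmt.Errorf("invalid username or password")
	}
	return u, nil
}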