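// UserMiddleware is middleware which checks for session tokens on the Request
// and looks up and attaches a user for that token if one is found.
//
// Two credential sources are consulted, in this order:
//   - the evergreen.AuthTokenCookie cookie, whose (query-escaped) value is
//     resolved through um.GetUserByToken; or, when no such cookie is present,
//   - the "Api-Key" header paired with the "Auth-Username" header (falling
//     back to "Api-User"), checked against the stored key of that user.
//
// On success the user is stored in the request context under RequestUser.
// An invalid API key is answered with 401 and the chain stops. Any other
// failure (unknown token, lookup error, unknown user) is only logged and the
// request continues to next without an attached user, so downstream handlers
// must treat a missing RequestUser as unauthenticated.
func UserMiddleware(um auth.UserManager) func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	return func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
		// Grab token auth from cookies. A cookie value that fails to unescape
		// is skipped so that a later cookie with the same name can still be used.
		token := ""
		for _, cookie := range r.Cookies() {
			if cookie.Name != evergreen.AuthTokenCookie {
				continue
			}
			if unescaped, err := url.QueryUnescape(cookie.Value); err == nil {
				token = unescaped
				break
			}
		}

		// Grab API auth details from header. The header map is indexed
		// directly, so only the canonical key form ("Api-Key") matches.
		var authDataAPIKey, authDataName string
		if len(r.Header["Api-Key"]) > 0 {
			authDataAPIKey = r.Header["Api-Key"][0]
		}
		if len(r.Header["Auth-Username"]) > 0 {
			authDataName = r.Header["Auth-Username"][0]
		}
		if len(authDataName) == 0 && len(r.Header["Api-User"]) > 0 {
			authDataName = r.Header["Api-User"][0]
		}

		switch {
		case len(token) > 0:
			// authedUser is the identity the token resolves to. It keeps its
			// own name so the error log below never dereferences the nil
			// *DBUser that GetOrCreateUser returns on failure (the original
			// shadowed dbUser and would panic there).
			authedUser, err := um.GetUserByToken(token)
			if err != nil {
				// The header username is unrelated to the cookie token, so it
				// is not logged here; it would only mislead the reader.
				evergreen.Logger.Logf(slogger.INFO, "Error getting user by token: %v", err)
				break
			}
			// Get the user's full details from the DB or create them if they don't exist
			dbUser, err := model.GetOrCreateUser(authedUser.Username(), authedUser.DisplayName(), authedUser.Email())
			if err != nil {
				evergreen.Logger.Logf(slogger.INFO, "Error looking up user %v: %v", authedUser.Username(), err)
				break
			}
			context.Set(r, RequestUser, dbUser)
		case len(authDataAPIKey) > 0:
			dbUser, err := user.FindOne(user.ById(authDataName))
			if dbUser == nil || err != nil {
				// err may be nil when the user simply does not exist; logging
				// the requested name keeps the entry actionable either way.
				evergreen.Logger.Logf(slogger.ERROR, "Error getting user %q: %v", authDataName, err)
				break
			}
			// TODO(review): a plain != leaks timing information about the
			// stored key; crypto/subtle.ConstantTimeCompare is preferable once
			// the import can be added.
			if dbUser.APIKey != authDataAPIKey {
				http.Error(rw, "Unauthorized - invalid API key", http.StatusUnauthorized)
				return
			}
			context.Set(r, RequestUser, dbUser)
		}
		next(rw, r)
	}
}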
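// UserMiddleware checks for session tokens on the request, then looks up and attaches a user
// for that token if one is found.
//
// Credentials arrive in the "id_token" form value, which holds a JSON object
// with the fields auth_user, auth_token and api_key. A non-empty auth_token is
// resolved through um.GetUserByToken (legacy auth); otherwise a non-empty
// api_key is checked against the stored key of the user named by auth_user.
// On success the user is stored in the request context under apiUserKey.
//
// A request with no id_token passes straight through. An unparsable form or
// malformed JSON is answered with 400, an invalid API key with 401, and the
// chain stops. Any other failure (unknown token, lookup error, unknown user)
// is only logged and the request continues without an attached user, so
// downstream handlers must treat a missing apiUserKey as unauthenticated.
//
// NOTE(review): r.FormValue reads the URL query as well as the POST body, so
// credentials sent this way may end up in access logs and referrers; confirm
// that clients only send id_token in the request body.
func UserMiddleware(um auth.UserManager) func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	return func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
		if err := r.ParseForm(); err != nil {
			http.Error(w, "can't parse form?", http.StatusBadRequest)
			return
		}
		// Note: at this point the "token" is actually a json object in string form,
		// containing both the username and token.
		token := r.FormValue("id_token")
		if len(token) == 0 {
			next(w, r)
			return
		}
		var authData struct {
			Name   string `json:"auth_user"`
			Token  string `json:"auth_token"`
			APIKey string `json:"api_key"`
		}
		if err := util.ReadJSONInto(ioutil.NopCloser(strings.NewReader(token)), &authData); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}

		switch {
		case len(authData.Token) > 0:
			// legacy auth - token lookup
			authedUser, err := um.GetUserByToken(authData.Token)
			if err != nil {
				evergreen.Logger.Logf(slogger.ERROR, "Error getting user: %v", err)
				break
			}
			// Get the user's full details from the DB or create them if they don't exist
			dbUser, err := model.GetOrCreateUser(authedUser.Username(), authedUser.DisplayName(), authedUser.Email())
			if err != nil {
				evergreen.Logger.Logf(slogger.ERROR, "Error looking up user %v: %v", authedUser.Username(), err)
				break
			}
			context.Set(r, apiUserKey, dbUser)
		case len(authData.APIKey) > 0:
			dbUser, err := user.FindOne(user.ById(authData.Name))
			if dbUser == nil || err != nil {
				// err may be nil when the user simply does not exist; logging
				// the requested name keeps the entry actionable either way.
				evergreen.Logger.Logf(slogger.ERROR, "Error getting user %q: %v", authData.Name, err)
				break
			}
			// TODO(review): a plain != leaks timing information about the
			// stored key; crypto/subtle.ConstantTimeCompare is preferable once
			// the import can be added.
			if dbUser.APIKey != authData.APIKey {
				http.Error(w, "Unauthorized - invalid API key", http.StatusUnauthorized)
				return
			}
			context.Set(r, apiUserKey, dbUser)
		}
		next(w, r)
	}
}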