示例#1
0
func muxHandler(main http.Handler, authKeys []string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		httphelper.CORSAllowAllHandler(w, r)
		if r.URL.Path == "/ping" || r.Method == "OPTIONS" {
			w.WriteHeader(200)
			return
		}
		_, password, _ := parseBasicAuth(r.Header)
		if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") {
			password = r.URL.Query().Get("key")
		}
		var authed bool
		for _, k := range authKeys {
			if len(password) == len(k) && subtle.ConstantTimeCompare([]byte(password), []byte(k)) == 1 {
				authed = true
				break
			}
		}
		if !authed {
			w.WriteHeader(401)
			return
		}
		main.ServeHTTP(w, r)
	})
}
示例#2
0
文件: api.go 项目: BobbWu/flynn
func (api *API) CorsHandler(main http.Handler) http.Handler {
	httpInterfaceURL := api.conf.InterfaceURL
	if strings.HasPrefix(api.conf.InterfaceURL, "https") {
		httpInterfaceURL = "http" + strings.TrimPrefix(api.conf.InterfaceURL, "https")
	}
	corsHandler := cors.Allow(&cors.Options{
		AllowOrigins:     []string{api.conf.InterfaceURL, httpInterfaceURL},
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: true,
		MaxAge:           time.Hour,
	})
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if strings.HasSuffix(req.URL.Path, "/ping") || req.Method == "OPTIONS" {
			httphelper.CORSAllowAllHandler(w, req)
			w.WriteHeader(200)
			return
		}
		corsHandler(w, req)
		main.ServeHTTP(w, req)
	})
}