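// Add stores ch in the datastore under a "Channel" key named by its YouTubeID.
//
// The caller must be authenticated through endpoints.CurrentUser and have an
// address in the gmail.com domain; otherwise an unauthorized error is returned.
// A nil channel, or one with an empty Name or YouTubeID, is rejected as a bad
// request.
//
// On success the channel is returned together with an API error carrying
// http.StatusCreated.
func (ChannelsAPI) Add(c endpoints.Context, ch *Channel) (*Channel, error) {
	u, err := endpoints.CurrentUser(c, scopes, nil, clients)
	if err != nil {
		// Keep the detailed cause in the server log; the client only learns
		// that authorization is required.
		c.Errorf("auth: %v", err)
		return nil, endpoints.NewUnauthorizedError("authorization required")
	}

	// Match the whole domain, including the "@": a bare "gmail.com" suffix
	// also accepts addresses in other domains that merely end in that string
	// (constructed example: user@notgmail.com).
	if !strings.HasSuffix(u.Email, "@gmail.com") {
		return nil, endpoints.NewUnauthorizedError("authorization refused")
	}

	// Guard against a nil payload before dereferencing it.
	if ch == nil || ch.Name == "" || ch.YouTubeID == "" {
		return nil, endpoints.NewBadRequestError("empty channel")
	}

	// NOTE(review): the key name comes from the request, and Put on an
	// existing key replaces the stored entity. Confirm that letting any
	// authorized caller overwrite a channel is intended.
	k := datastore.NewKey(c, "Channel", ch.YouTubeID, 0, nil)
	if _, err = datastore.Put(c, k, ch); err != nil {
		// NOTE(review): the datastore error text is formatted into the error
		// returned to the caller. Consider logging it and returning a generic
		// message if it can carry internal detail.
		return nil, endpoints.NewInternalServerError("save channel: %v", err)
	}

	// A non-nil error is returned alongside the value on purpose, presumably
	// so the endpoints layer answers with 201 Created. Confirm against the
	// endpoints package.
	return ch, endpoints.NewAPIError("created", "created", http.StatusCreated)
}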
// checkReferer validates the Referer header of the HTTP request carried by c
// and returns an unauthorized error when it is not acceptable.
//
// Outside the dev app server the only accepted referer host is the
// application's own appspot domain, for example:
//
//	my-project-id.appspot.com
//
// On the dev app server every referer is accepted.
//
// NOTE(review): the Referer header is supplied by the client, so this check
// narrows accidental cross-site use but is not a substitute for
// authenticating the caller.
func checkReferer(c endpoints.Context) error {
	// Local development: skip the check entirely.
	if appengine.IsDevAppServer() {
		return nil
	}

	referer := c.HTTPRequest().Referer()
	parsed, err := url.Parse(referer)
	if err != nil {
		c.Infof("malformed referer detected: %q", referer)
		return endpoints.NewUnauthorizedError("couldn't extract domain from referer")
	}

	// The comparison is an exact match on the host, so an empty referer or
	// a different domain falls through to the rejection below.
	if parsed.Host == appengine.AppID(c)+".appspot.com" {
		return nil
	}

	c.Infof("unauthorized referer detected: %q", referer)
	return endpoints.NewUnauthorizedError("referer unauthorized")
}