// StartLogger writes a single "Started <method> <url> from <remote>" line to
// the standard logger and stores the time the request was seen in ctx under
// the middleware parameter "start_time". It never writes to w; the returned
// context is the only output later handlers observe.
func StartLogger(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context {
	line := new(bytes.Buffer)
	line.WriteString("Started ")
	cW(line, bMagenta, "%s ", r.Method)
	// %q quotes and escapes the client-controlled URL, which keeps the log
	// entry on one line even if the request target contains odd characters.
	cW(line, nBlue, "%q ", r.URL.String())
	line.WriteString("from " + r.RemoteAddr)

	started := time.Now()
	ctx = router.SetMiddlewareParam(ctx, "start_time", started)

	log.Print(line.String())
	return ctx
}
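// authIdentityHeaders lists every request header that ServeHTTPContext derives
// from a validated token. They describe the caller to the handlers that run
// after this middleware, so a value supplied by the client must never survive:
// they are all removed from the incoming request before the tokens are checked.
var authIdentityHeaders = []string{
	"X-Identity-Status",
	"X-Domain-Id", "X-Domain-Name",
	"X-User-Domain-Id", "X-User-Domain-Name",
	"X-Project-Id", "X-Project-Name",
	"X-Project-Domain-Id", "X-Project-Domain-Name",
	"X-User-Id", "X-User-Name",
	"X-Roles",
	"X-Service-Identity-Status",
	"X-Service-Domain-Id", "X-Service-Domain-Name",
	"X-Service-User-Domain-Id", "X-Service-User-Domain-Name",
	"X-Service-Project-Id", "X-Service-Project-Name",
	"X-Service-Project-Domain-Id", "X-Service-Project-Domain-Name",
	"X-Service-User-Id", "X-Service-User-Name",
	"X-Service-Roles",
}

// stripAuthIdentityHeaders deletes every header named in authIdentityHeaders
// from h.
func stripAuthIdentityHeaders(h http.Header) {
	for _, name := range authIdentityHeaders {
		h.Del(name)
	}
}

// ServeHTTPContext validates the user token (X-Auth-Token) and, when present,
// the service token (X-Service-Token) of the request and exposes the result to
// later handlers through request headers and the context.
//
// The sequence :
// 1. Remove any client-supplied identity headers from the request
// 2. Get X_AUTH_TOKEN and X_SERVICE_TOKEN from request
// 3. Get token info (access) via fetchTokenInfo
// 4. If token valid, put related data into context and request headers
// 5. Or mark the token as "Invalid" in the identity status header
// 6. If auth delay enabled, return context
// 7. Or write 401/403 and return nil, which stops the middleware chain
//
// A valid user token stores the access information in ctx under
// UserAccessInfoKey. A missing service token is treated as valid; a missing or
// invalid user token is not. When both tokens are acceptable, or when
// a.delayAuthDecision is set, the (possibly extended) context is returned and
// nothing is written to w. Otherwise the response is 403 when only the service
// token failed and 401 when the user token failed, and the returned context is
// nil.
func (a *AuthToken) ServeHTTPContext(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context {
	// Drop client-supplied copies first: after this point the only identity
	// headers a later handler can see are the ones set from a validated token
	// below. Without this step a request with no (or an invalid) token could
	// still carry e.g. an X-Roles or X-User-Id value chosen by the client,
	// and a handler that does not also check X-Identity-Status would trust it.
	stripAuthIdentityHeaders(r.Header)

	userToken := r.Header.Get("X-Auth-Token")
	serviceToken := r.Header.Get("X-Service-Token")

	userValid := false
	if userToken != "" {
		access, err := a.fetchTokenInfo(userToken)
		if err == nil && !access.Expired() {
			ctx = router.SetMiddlewareParam(ctx, UserAccessInfoKey, access)
			r.Header.Set("X-Identity-Status", "Confirmed")
			if ti := access.TokenInfo; ti != nil {
				if ti.User != nil && ti.User.Domain != nil {
					r.Header.Set("X-Domain-Id", ti.User.Domain.Id)
					r.Header.Set("X-Domain-Name", ti.User.Domain.Name)
					r.Header.Set("X-User-Domain-Id", ti.User.Domain.Id)
					r.Header.Set("X-User-Domain-Name", ti.User.Domain.Name)
				}
				if ti.Project != nil {
					r.Header.Set("X-Project-Id", ti.Project.Id)
					r.Header.Set("X-Project-Name", ti.Project.Name)
					if ti.Project.Domain != nil {
						r.Header.Set("X-Project-Domain-Id", ti.Project.Domain.Id)
						r.Header.Set("X-Project-Domain-Name", ti.Project.Domain.Name)
					}
				}
				if ti.User != nil {
					r.Header.Set("X-User-Id", ti.User.Id)
					r.Header.Set("X-User-Name", ti.User.Name)
				}
				if ti.Roles != nil {
					// Loop variable is named role rather than r so it does not
					// shadow the request.
					roleNames := make([]string, len(ti.Roles))
					for i, role := range ti.Roles {
						roleNames[i] = role.Name
					}
					r.Header.Set("X-Roles", strings.Join(roleNames, ","))
				}
			}
			userValid = true
		}
	}
	if !userValid {
		r.Header.Set("X-Identity-Status", "Invalid")
	}

	// A request without a service token is acceptable on the service side;
	// only a token that is present but cannot be validated counts against it.
	serviceValid := serviceToken == ""
	if serviceToken != "" {
		access, err := a.fetchTokenInfo(serviceToken)
		if err == nil && !access.Expired() {
			r.Header.Set("X-Service-Identity-Status", "Confirmed")
			if ti := access.TokenInfo; ti != nil {
				if ti.User != nil && ti.User.Domain != nil {
					r.Header.Set("X-Service-Domain-Id", ti.User.Domain.Id)
					r.Header.Set("X-Service-Domain-Name", ti.User.Domain.Name)
					r.Header.Set("X-Service-User-Domain-Id", ti.User.Domain.Id)
					r.Header.Set("X-Service-User-Domain-Name", ti.User.Domain.Name)
				}
				if ti.Project != nil {
					r.Header.Set("X-Service-Project-Id", ti.Project.Id)
					r.Header.Set("X-Service-Project-Name", ti.Project.Name)
					if ti.Project.Domain != nil {
						r.Header.Set("X-Service-Project-Domain-Id", ti.Project.Domain.Id)
						r.Header.Set("X-Service-Project-Domain-Name", ti.Project.Domain.Name)
					}
				}
				if ti.User != nil {
					r.Header.Set("X-Service-User-Id", ti.User.Id)
					r.Header.Set("X-Service-User-Name", ti.User.Name)
				}
				if ti.Roles != nil {
					roleNames := make([]string, len(ti.Roles))
					for i, role := range ti.Roles {
						roleNames[i] = role.Name
					}
					r.Header.Set("X-Service-Roles", strings.Join(roleNames, ","))
				}
			}
			serviceValid = true
		} else {
			// Mirror the user-token handling so that, when the decision is
			// delayed, later handlers can tell a rejected service token from
			// an absent one.
			r.Header.Set("X-Service-Identity-Status", "Invalid")
		}
	}

	if userValid && serviceValid {
		return ctx
	}
	if a.delayAuthDecision {
		// The caller asked for the decision to be left to a later handler;
		// the "Invalid" status headers above carry the verdict.
		return ctx
	}

	// Reject due to invalid tokens (either user or service or both).
	// NOTE(review): the WWW-Authenticate value is the bare base URL; RFC 7235
	// expects a challenge (scheme plus parameters) — confirm what clients
	// parse before changing it.
	w.Header().Set("WWW-Authenticate", a.session.BaseUrl)
	if userValid {
		// User is authenticated but the service token failed.
		w.WriteHeader(http.StatusForbidden)
	} else {
		w.WriteHeader(http.StatusUnauthorized)
	}
	// A nil context stops the middleware chain.
	return nil
}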