func getPolicyForPerson(person *doorbot.Person) *security.Policy {
var policy *security.Policy
switch person.AccountType {
case doorbot.AccountMember:
policy = security.NewMemberPolicy()
break
case doorbot.AccountManager:
policy = security.NewManagerPolicy()
break
case doorbot.AccountOwner:
policy = security.NewOwnerPolicy()
break
}
return policy
}
// SecuredRouteHandler returns a martini.Handler responsible of handling authentication
func SecuredRouteHandler() martini.Handler {
return func(render render.Render, c martini.Context, req *http.Request, r doorbot.Repositories, a *doorbot.Account) {
if a == nil {
log.Println("Doorbot::SecuredRouteHandler No account mapped.")
render.Status(http.StatusForbidden)
return
}
session := &auth.Authorization{}
parts, err := parseAuthorization(req, render)
if err != nil {
return
}
mode := parts[0]
token := parts[1]
switch mode {
case "administrator":
administrator, err := auth.AuthenticateAdministrator(r, token)
if err != nil {
render.Status(http.StatusInternalServerError)
return
}
if administrator == nil {
log.WithFields(log.Fields{
"administrator_token": token,
"url": req.URL,
}).Warn("Api::Handlers->SecuredRouteHandler administrator not found.")
render.Status(http.StatusUnauthorized)
return
}
log.WithFields(log.Fields{
"url": req.URL,
"administrator_id": administrator.ID,
}).Info("Api::Handlers->SecuredRouteHandler adminstrator request")
c.Map(administrator)
session.Administrator = administrator
session.Type = auth.AuthorizationAdministrator
session.Policy = security.NewAdministratorPolicy()
case "device":
device, err := auth.AuthenticateDevice(r, token)
if err != nil {
render.Status(http.StatusInternalServerError)
return
}
if device == nil {
render.Status(http.StatusUnauthorized)
return
}
log.WithFields(log.Fields{
"url": req.URL,
"device_id": device.ID,
"account_id": a.ID,
}).Info("Api::Handlers->SecuredRouteHandler device request")
session.Type = auth.AuthorizationDevice
session.Device = device
session.Policy = security.NewDevicePolicy()
case "person":
person, err := auth.AuthenticatePerson(r, token)
if err != nil {
render.Status(http.StatusInternalServerError)
return
}
if person == nil {
render.Status(http.StatusUnauthorized)
return
}
log.WithFields(log.Fields{
"url": req.URL,
"account_id": a.ID,
"person_id": person.ID,
}).Info("Api::Handlers->SecuredRouteHandler person request")
session.Person = person
session.Type = auth.AuthorizationPerson
switch person.AccountType {
case doorbot.AccountOwner:
session.Policy = security.NewOwnerPolicy()
break
case doorbot.AccountManager:
session.Policy = security.NewManagerPolicy()
break
case doorbot.AccountMember:
session.Policy = security.NewMemberPolicy()
break
}
default:
log.WithFields(log.Fields{
"url": req.URL,
"account_id": a.ID,
}).Info("Api::Handlers->SecuredRouteHandler Unauthorized access (invalid auth type)")
render.Status(http.StatusForbidden)
return
}
c.Map(session)
}
}