gofmt the security file
This commit is contained in:
Christian Claus
parent
bed962222b
commit
bddbd497c8
1 changed files with 22 additions and 26 deletions
|
|
@ -2,26 +2,23 @@ package app
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"net/http"
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
type contextKey int
|
type contextKey int
|
||||||
var authInfoKey contextKey = 0
|
|
||||||
|
|
||||||
|
var authInfoKey contextKey
|
||||||
|
|
||||||
|
// AuthInfo holds the username and authentication status
|
||||||
type AuthInfo struct {
|
type AuthInfo struct {
|
||||||
Username string
|
Username string
|
||||||
Authenticated bool
|
Authenticated bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthWebdavHandler provides a ServeHTTP function with context and an application reference.
|
// authWebdavHandlerFunc is a type definition which holds a context and application reference to
|
||||||
type authWebdavHandler interface {
|
|
||||||
ServeHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request, a *App)
|
|
||||||
}
|
|
||||||
|
|
||||||
// AuthWebdavHandlerFunc is a type definition which holds a context and application reference to
|
|
||||||
// match the AuthWebdavHandler interface.
|
// match the AuthWebdavHandler interface.
|
||||||
type authWebdavHandlerFunc func(c context.Context, w http.ResponseWriter, r *http.Request, a *App)
|
type authWebdavHandlerFunc func(c context.Context, w http.ResponseWriter, r *http.Request, a *App)
|
||||||
|
|
||||||
|
|
@ -30,29 +27,38 @@ func (f authWebdavHandlerFunc) ServeHTTP(c context.Context, w http.ResponseWrite
|
||||||
f(c, w, r, a)
|
f(c, w, r, a)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewBasicAuthWebdavHandler creates a new http handler with basic auth features.
|
||||||
|
// The handler will use the application config for user and password lookups.
|
||||||
|
func NewBasicAuthWebdavHandler(a *App) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
ctx := context.Background()
|
||||||
|
handlerFunc := authWebdavHandlerFunc(handle)
|
||||||
|
handlerFunc.ServeHTTP(ctx, w, r, a)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func authorize(config *Config, username, password string) *AuthInfo {
|
func authorize(config *Config, username, password string) *AuthInfo {
|
||||||
if username == "" || password == "" {
|
if username == "" || password == "" {
|
||||||
log.WithField("user", username).Warn("Username not found or password empty")
|
log.WithField("user", username).Warn("Username not found or password empty")
|
||||||
return &AuthInfo{Authenticated:false}
|
return &AuthInfo{Authenticated: false}
|
||||||
}
|
}
|
||||||
|
|
||||||
user := config.Users[username]
|
user := config.Users[username]
|
||||||
if user == nil {
|
if user == nil {
|
||||||
log.WithField("user", username).Warn("User not found")
|
log.WithField("user", username).Warn("User not found")
|
||||||
return &AuthInfo{Authenticated:false}
|
return &AuthInfo{Authenticated: false}
|
||||||
}
|
}
|
||||||
|
|
||||||
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithField("user", username).Warn("Password doesn't match")
|
log.WithField("user", username).Warn("Password doesn't match")
|
||||||
return &AuthInfo{Authenticated:false}
|
return &AuthInfo{Authenticated: false}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &AuthInfo{Username:username, Authenticated:true}
|
return &AuthInfo{Username: username, Authenticated: true}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthFromContext returns information about the authentication state of the
|
// AuthFromContext returns information about the authentication state of the current user.
|
||||||
// current user.
|
|
||||||
func AuthFromContext(ctx context.Context) *AuthInfo {
|
func AuthFromContext(ctx context.Context) *AuthInfo {
|
||||||
info, ok := ctx.Value(authInfoKey).(*AuthInfo)
|
info, ok := ctx.Value(authInfoKey).(*AuthInfo)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
@ -81,17 +87,7 @@ func handle(ctx context.Context, w http.ResponseWriter, r *http.Request, a *App)
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeUnauthorized(w http.ResponseWriter, realm string) {
|
func writeUnauthorized(w http.ResponseWriter, realm string) {
|
||||||
w.Header().Set("WWW-Authenticate", "Basic realm=" + realm)
|
w.Header().Set("WWW-Authenticate", "Basic realm="+realm)
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
w.Write([]byte(fmt.Sprintf("%d %s", http.StatusUnauthorized, "Unauthorized")))
|
w.Write([]byte(fmt.Sprintf("%d %s", http.StatusUnauthorized, "Unauthorized")))
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewBasicAuthWebdavHandler creates a new http handler with basic auth features.
|
|
||||||
// The handler will use the application config for user and password lookups.
|
|
||||||
func NewBasicAuthWebdavHandler(a *App) http.Handler {
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
ctx := context.Background()
|
|
||||||
handlerFunc := authWebdavHandlerFunc(handle)
|
|
||||||
handlerFunc.ServeHTTP(ctx, w, r, a)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue