working state
35
auth/auth.go
35
auth/auth.go
@@ -2,6 +2,7 @@ package auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
@@ -158,27 +159,33 @@ func (con AuthApi) Verify(ctx *gin.Context) {
|
||||
claimsPointer, exists := ctx.Get("claims")
|
||||
if !exists {
|
||||
ctx.Status(403)
|
||||
ctx.Error(errors.New("Failed to get claims, not logged in"))
|
||||
return
|
||||
}
|
||||
|
||||
claims := claimsPointer.(*AuthClaims)
|
||||
claims, ok := claimsPointer.(*AuthClaims)
|
||||
if !ok {
|
||||
ctx.Error(errors.New("Failed to convert claims"))
|
||||
ctx.Status(500)
|
||||
return
|
||||
}
|
||||
|
||||
forwarded_host := ctx.Request.Header.Get("x-forwarded-host")
|
||||
log.Printf("Checking auth of %s", forwarded_host)
|
||||
forwardedUri := ctx.Request.Header.Get("x-forwarded-uri")
|
||||
|
||||
domainSegments := strings.Split(forwarded_host, ".")
|
||||
pathSegments := strings.Split(forwardedUri, "/")
|
||||
|
||||
serverId, service := domainSegments[0], domainSegments[1]
|
||||
serverId, service := pathSegments[2], pathSegments[1]
|
||||
|
||||
switch service {
|
||||
case "browsers":
|
||||
fmt.Printf("%#v %s", claims, serverId)
|
||||
serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, serverId)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
|
||||
ctx.Header("X-Username", claims.Username)
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
@@ -186,7 +193,7 @@ func (con AuthApi) Verify(ctx *gin.Context) {
|
||||
case "cloud":
|
||||
if claims.Permissions&models.Cloud == models.Cloud || claims.Permissions&models.Admin == models.Admin {
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Header("X-Username", claims.Username)
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
@@ -201,20 +208,26 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
|
||||
panic(err)
|
||||
}
|
||||
|
||||
serverAuthDbHandler, err := factories.GetServersAuthorizationDbHandler(config.ServersAuthorizationDatabase)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
connection := AuthApi{
|
||||
userAuthDbHandler: userAuthHandler,
|
||||
tokenHandler: inviteHandler,
|
||||
config: config,
|
||||
userAuthDbHandler: userAuthHandler,
|
||||
serverAuthDbHandler: serverAuthDbHandler,
|
||||
tokenHandler: inviteHandler,
|
||||
config: config,
|
||||
}
|
||||
|
||||
group.POST("/signin", connection.signIn)
|
||||
group.POST("/signup", connection.signUp)
|
||||
group.Any("/verify", connection.Verify)
|
||||
group.Any("/verify", connection.LoggedIn, connection.Verify)
|
||||
|
||||
return connection.LoggedIn
|
||||
}
|
||||
|
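Review bot: In Verify, `serverId, service := pathSegments[2], pathSegments[1]` indexes the split of the `x-forwarded-uri` header without checking its length, so a request whose forwarded path has fewer than two segments (or that carries no such header) panics with an index out of range instead of being denied cleanly. Guard it before the assignment, e.g. `if len(pathSegments) < 3 { ctx.AbortWithStatus(403); return }`. Both forwarded headers are client-controlled unless the reverse proxy overwrites them, so the handler presumably relies on being reachable only through that proxy; a comment stating this assumption above the header reads would help. The `fmt.Printf("%#v %s", claims, serverId)` line in the `browsers` case writes the whole claims struct to stdout and looks like leftover debugging; drop it, or log only `claims.Username` and `serverId` with `%q`. Verify's body starts and ends outside the visible hunks.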