Domů Procházet Nápověda
Přihlásit se
akillibulut
/
porter
zrcadlo https://github.com/porter-dev/porter
2
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Větev: gitlab
Větve Značky
porter
/
provisioner
/
server
/
authn
/
basic.go

basic.go 2.0 KB
Trvalý odkaz Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. package authn
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"fmt"
    6. 

  6. 	"net/http"
    7. 

  7. 	"strconv"
    8. 

  8. 

  9. 	"github.com/porter-dev/porter/api/server/shared/apierrors"
    10. 

  10. 	"github.com/porter-dev/porter/provisioner/server/config"
    11. 

  11. )
    12. 

  12. 

  13. // AuthNFactory generates a middleware handler `AuthN`
    14. 

  14. type AuthNBasicFactory struct {
    15. 

  15. 	config *config.Config
    16. 

  16. }
    17. 

  17. 

  18. // NewAuthNBasicFactory returns an `AuthNBasicFactory` that uses the passed-in server
    19. 

  19. // config
    20. 

  20. func NewAuthNBasicFactory(
    21. 

  21. 	config *config.Config,
    22. 

  22. ) *AuthNBasicFactory {
    23. 

  23. 	return &AuthNBasicFactory{config}
    24. 

  24. }
    25. 

  25. 

  26. // NewAuthenticated creates a new instance of `AuthN` that implements the http.Handler
    27. 

  27. // interface.
    28. 

  28. func (f *AuthNBasicFactory) NewAuthenticated(next http.Handler) http.Handler {
    29. 

  29. 	return &AuthNBasic{next, f.config}
    30. 

  30. }
    31. 

  31. 

  32. // AuthNStatic implements the authentication middleware
    33. 

  33. type AuthNBasic struct {
    34. 

  34. 	next   http.Handler
    35. 

  35. 	config *config.Config
    36. 

  36. }
    37. 

  37. 

  38. // ServeHTTP calls next if the authentication token is valid,
    39. 

  39. // or serves a forbidden error.
    40. 

  40. func (authn *AuthNBasic) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    41. 

  41. 	porterTokenIDStr, porterToken, ok := r.BasicAuth()
    42. 

  42. 

  43. 	if ok {
    44. 

  44. 		if porterToken == "" {
    45. 

  45. 			authn.sendForbiddenError(fmt.Errorf("porter token does not exist"), w, r)
    46. 

  46. 			return
    47. 

  47. 		}
    48. 

  48. 

  49. 		porterTokenID, err := strconv.ParseUint(porterTokenIDStr, 10, 64)
    50. 

  50. 		if err != nil {
    51. 

  51. 			authn.sendForbiddenError(err, w, r)
    52. 

  52. 			return
    53. 

  53. 		}
    54. 

  54. 

  55. 		ceToken, err := ValidatePorterToken(authn.config, uint(porterTokenID), porterToken)
    56. 

  56. 		if err != nil {
    57. 

  57. 			authn.sendForbiddenError(err, w, r)
    58. 

  58. 			return
    59. 

  59. 		}
    60. 

  60. 

  61. 		// attach ce token to context
    62. 

  62. 		ctx := r.Context()
    63. 

  63. 		ctx = context.WithValue(ctx, "ce_token", ceToken)
    64. 

  64. 		r = r.Clone(ctx)
    65. 

  65. 

  66. 		authn.next.ServeHTTP(w, r)
    67. 

  67. 		return
    68. 

  68. 	}
    69. 

  69. 

  70. 	authn.sendForbiddenError(fmt.Errorf("no basic auth credentials"), w, r)
    71. 

  71. 	return
    72. 

  72. }
    73. 

  73. 

  74. func (authn *AuthNBasic) sendForbiddenError(err error, w http.ResponseWriter, r *http.Request) {
    75. 

  75. 	w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
    76. 

  76. 	reqErr := apierrors.NewErrForbidden(err)
    77. 

  77. 	apierrors.HandleAPIError(authn.config.Logger, authn.config.Alerter, w, r, reqErr, true)
    78. 

  78. 	return
    79. 

  79. }
    80.