| author | Max Resnick <max@ofmax.li> | 2022-11-24 08:38:25 -0800 |
|---|---|---|
| committer | Max Resnick <max@ofmax.li> | 2022-11-24 08:38:25 -0800 |
| commit | e5c769322641cf2c8b68318ab7d2588dce7123a9 (patch) | |
| tree | 02086f2d748aba6576eb9ca1019e735e4f28883b /internal | |
| parent | 9317407369c72a43c5f2f0bdf8f006169669cdf8 (diff) | |
| download | go-git-server-e5c769322641cf2c8b68318ab7d2588dce7123a9.tar.gz | |
re-org, fix to pass tests
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/authz/handler.go | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/internal/authz/handler.go b/internal/authz/handler.go
index e47dd33..1dd06e3 100644
--- a/internal/authz/handler.go
+++ b/internal/authz/handler.go
@@ -11,28 +11,27 @@ import (
 "golang.org/x/crypto/bcrypt"
 )
 
-// Authentication middleware to enforce authentication of all requests.
-func Authentication(authMap TokenMap, next http.Handler) http.Handler {
+func Authentication(authMap TokenMap, next http.HandlerFunc) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 u, p, ok := req.BasicAuth()
 if !ok {
 rw.Header().Set("WWW-Authenticate", `Basic realm="git"`)
- http.Error(rw, "Authentication Required", 401)
+ http.Error(rw, "Authentication Required", http.StatusUnauthorized)
 return
 }
 urn := fmt.Sprintf("uid:%s", u)
 hash, ok := authMap[urn]
 if !ok {
- http.Error(rw, "Bad Request", 400)
+ http.Error(rw, "Bad Request", http.StatusForbidden)
 return
 }
 token, err := base64.URLEncoding.DecodeString(p)
 if err != nil {
- http.Error(rw, "Bad Request", 400)
+ http.Error(rw, "Bad Request", http.StatusBadRequest)
 return
 }
 if err := bcrypt.CompareHashAndPassword([]byte(hash), token); err != nil {
- http.Error(rw, "Bad Request", 400)
+ http.Error(rw, "Bad Request", http.StatusForbidden)
 return
 }
 ctx := context.WithValue(req.Context(), "urn", urn)
@@ -41,7 +40,7 @@ func Authentication(authMap TokenMap, next http.Handler) http.Handler {
 }
 
 // Authorization middleware to enforce authoirzation of all requests.
-func Authorization(enf *casbin.Enforcer, next http.Handler) http.Handler {
+func Authorization(enf *casbin.Enforcer, next http.HandlerFunc) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 ctx := req.Context()
 urn := ctx.Value("urn")
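Review bot: The new status codes in `Authentication` make the response depend on whether the username is known: an unknown `uid:` now gets `http.StatusForbidden`, while a known user whose password is not valid base64 gets `http.StatusBadRequest`, so the status alone discloses which accounts exist (before this commit every failure was 400). Return one identical response for every credential failure, preferably `http.StatusUnauthorized` with the same `WWW-Authenticate` header so git clients re-prompt, and decode the token before the `authMap` lookup. The bodies still read "Bad Request" under a 403, and the commit drops the doc comment on the exported function; `// Authentication is middleware that requires valid HTTP Basic credentials on every request.` would restore it. The end of the closure, including the call to `next`, lies outside this hunk.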
@@ -54,7 +53,7 @@ func Authorization(enf *casbin.Enforcer, next http.Handler) http.Handler {
 }
 if !ok {
 log.Printf("Access denied")
- http.Error(rw, "Access denied", http.StatusUnauthorized)
+ http.Error(rw, "Access denied", http.StatusForbidden)
 }
 log.Printf("Method %s Url %s", action, repo)
 next.ServeHTTP(rw, req.WithContext(ctx)) |
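Review bot: The deny branch still falls through: there is no `return` after `http.Error(rw, "Access denied", http.StatusForbidden)`, so the following `log.Printf` and `next.ServeHTTP(rw, req.WithContext(ctx))` also run for a rejected request and the wrapped handler executes after the 403 has been written. Add `return` as the last statement inside `if !ok { … }`. A test asserting that the wrapped handler is not invoked on a denied request would keep this from regressing. The start of the closure is outside the hunk, so this assumes `ok` holds the enforcer's decision.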