From 3c5c26e784fda35087059bda4363ba5fca999d0d Mon Sep 17 00:00:00 2001
From: Max Resnick
Date: Thu, 24 Nov 2022 08:41:22 -0800
Subject: rename file
---
internal/authz/handler.go | 61 -----------------------------------------------
1 file changed, 61 deletions(-)
delete mode 100644 internal/authz/handler.go
(limited to 'internal/authz/handler.go')
diff --git a/internal/authz/handler.go b/internal/authz/handler.go
deleted file mode 100644
index 1dd06e3..0000000
--- a/internal/authz/handler.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package authz
-
-import (
- "context"
- "encoding/base64"
- "fmt"
- "log"
- "net/http"
-
- "github.com/casbin/casbin/v2"
- "golang.org/x/crypto/bcrypt"
-)
-
-func Authentication(authMap TokenMap, next http.HandlerFunc) http.Handler {
- return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
- u, p, ok := req.BasicAuth()
- if !ok {
- rw.Header().Set("WWW-Authenticate", `Basic realm="git"`)
- http.Error(rw, "Authentication Required", http.StatusUnauthorized)
- return
- }
- urn := fmt.Sprintf("uid:%s", u)
- hash, ok := authMap[urn]
- if !ok {
- http.Error(rw, "Bad Request", http.StatusForbidden)
- return
- }
- token, err := base64.URLEncoding.DecodeString(p)
- if err != nil {
- http.Error(rw, "Bad Request", http.StatusBadRequest)
- return
- }
- if err := bcrypt.CompareHashAndPassword([]byte(hash), token); err != nil {
- http.Error(rw, "Bad Request", http.StatusForbidden)
- return
- }
- ctx := context.WithValue(req.Context(), "urn", urn)
- next.ServeHTTP(rw, req.WithContext(ctx))
- })
-}
-
-// Authorization middleware to enforce authoirzation of all requests.
-func Authorization(enf *casbin.Enforcer, next http.HandlerFunc) http.Handler {
- return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
- ctx := req.Context()
- urn := ctx.Value("urn")
- repo := req.URL.Path
- action := req.Method
- ok, err := enf.Enforce(urn, repo, action)
- if err != nil {
- log.Printf("error running enforce %s", err)
- http.Error(rw, "Bad Request", http.StatusBadRequest)
- }
- if !ok {
- log.Printf("Access denied")
- http.Error(rw, "Access denied", http.StatusForbidden)
- }
- log.Printf("Method %s Url %s", action, repo)
- next.ServeHTTP(rw, req.WithContext(ctx))
- })
-}
-- cgit v1.2.3