From 3c5c26e784fda35087059bda4363ba5fca999d0d Mon Sep 17 00:00:00 2001 From: Max Resnick Date: Thu, 24 Nov 2022 08:41:22 -0800 Subject: rename file --- internal/authz/handler.go | 61 -------------------------------------------- internal/authz/middleware.go | 61 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 61 deletions(-) delete mode 100644 internal/authz/handler.go create mode 100644 internal/authz/middleware.go (limited to 'internal') diff --git a/internal/authz/handler.go b/internal/authz/handler.go deleted file mode 100644 index 1dd06e3..0000000 --- a/internal/authz/handler.go +++ /dev/null @@ -1,61 +0,0 @@ -package authz - -import ( - "context" - "encoding/base64" - "fmt" - "log" - "net/http" - - "github.com/casbin/casbin/v2" - "golang.org/x/crypto/bcrypt" -) - -func Authentication(authMap TokenMap, next http.HandlerFunc) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { - u, p, ok := req.BasicAuth() - if !ok { - rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) - http.Error(rw, "Authentication Required", http.StatusUnauthorized) - return - } - urn := fmt.Sprintf("uid:%s", u) - hash, ok := authMap[urn] - if !ok { - http.Error(rw, "Bad Request", http.StatusForbidden) - return - } - token, err := base64.URLEncoding.DecodeString(p) - if err != nil { - http.Error(rw, "Bad Request", http.StatusBadRequest) - return - } - if err := bcrypt.CompareHashAndPassword([]byte(hash), token); err != nil { - http.Error(rw, "Bad Request", http.StatusForbidden) - return - } - ctx := context.WithValue(req.Context(), "urn", urn) - next.ServeHTTP(rw, req.WithContext(ctx)) - }) -} - -// Authorization middleware to enforce authoirzation of all requests. -func Authorization(enf *casbin.Enforcer, next http.HandlerFunc) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { - ctx := req.Context() - urn := ctx.Value("urn") - repo := req.URL.Path - action := req.Method - ok, err := enf.Enforce(urn, repo, action) - if err != nil { - log.Printf("error running enforce %s", err) - http.Error(rw, "Bad Request", http.StatusBadRequest) - } - if !ok { - log.Printf("Access denied") - http.Error(rw, "Access denied", http.StatusForbidden) - } - log.Printf("Method %s Url %s", action, repo) - next.ServeHTTP(rw, req.WithContext(ctx)) - }) -} diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go new file mode 100644 index 0000000..1dd06e3 --- /dev/null +++ b/internal/authz/middleware.go @@ -0,0 +1,61 @@ +package authz + +import ( + "context" + "encoding/base64" + "fmt" + "log" + "net/http" + + "github.com/casbin/casbin/v2" + "golang.org/x/crypto/bcrypt" +) + +func Authentication(authMap TokenMap, next http.HandlerFunc) http.Handler { + return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + u, p, ok := req.BasicAuth() + if !ok { + rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) + http.Error(rw, "Authentication Required", http.StatusUnauthorized) + return + } + urn := fmt.Sprintf("uid:%s", u) + hash, ok := authMap[urn] + if !ok { + http.Error(rw, "Bad Request", http.StatusForbidden) + return + } + token, err := base64.URLEncoding.DecodeString(p) + if err != nil { + http.Error(rw, "Bad Request", http.StatusBadRequest) + return + } + if err := bcrypt.CompareHashAndPassword([]byte(hash), token); err != nil { + http.Error(rw, "Bad Request", http.StatusForbidden) + return + } + ctx := context.WithValue(req.Context(), "urn", urn) + next.ServeHTTP(rw, req.WithContext(ctx)) + }) +} + +// Authorization middleware to enforce authoirzation of all requests. +func Authorization(enf *casbin.Enforcer, next http.HandlerFunc) http.Handler { + return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + ctx := req.Context() + urn := ctx.Value("urn") + repo := req.URL.Path + action := req.Method + ok, err := enf.Enforce(urn, repo, action) + if err != nil { + log.Printf("error running enforce %s", err) + http.Error(rw, "Bad Request", http.StatusBadRequest) + } + if !ok { + log.Printf("Access denied") + http.Error(rw, "Access denied", http.StatusForbidden) + } + log.Printf("Method %s Url %s", action, repo) + next.ServeHTTP(rw, req.WithContext(ctx)) + }) +} -- cgit v1.2.3