package server
import (
"context"
"fmt"
"net/http"
"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
"github.com/go-chi/render"
)
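// maybeAuth is a globally-used middleware that authenticates a request only
// when it carries an Authorization header.
//
//   - No Authorization header: next is called with the original request, so
//     the request continues without claims in its context. Handlers that
//     require an authenticated caller must check for claims themselves
//     (MustAuth does this).
//   - Header present but rejected by s.Auth.Claims: the request is answered
//     with the ErrForbidden status and body, and next is not called.
//   - Header accepted: the returned claims are stored in the request context
//     under ctxKeyClaims and next is called with that context.
//
// The header value is handed to s.Auth.Claims verbatim; no scheme prefix is
// stripped here.
func (s *Server) maybeAuth(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		token := r.Header.Get("Authorization")
		if token == "" {
			next.ServeHTTP(w, r)
			return
		}

		claims, err := s.Auth.Claims(token)
		if err != nil {
			// Record why the header was rejected, never its value. A rejected
			// token can still be a live credential (for example one that is
			// malformed only by a prefix, or one issued for another service),
			// and anything written to stdout ends up wherever logs are
			// collected and retained.
			// NOTE(review): confirm the errors returned by s.Auth.Claims do
			// not embed the token text.
			fmt.Printf("rejected %q header: %v\n", "Authorization", err)

			render.Status(r, errCodeStatuses[ErrForbidden])
			render.JSON(w, r, APIError{
				Code:    ErrForbidden,
				Message: errCodeMessages[ErrForbidden],
			})
			return
		}

		ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)

		next.ServeHTTP(w, r.WithContext(ctx))
	}

	return http.HandlerFunc(fn)
}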
// MustAuth is middleware that rejects any request whose context holds no
// auth.Claims, answering it with the ErrForbidden status and body.
//
// It does not read or validate the Authorization header itself: it only looks
// up claims through ClaimsFromContext, and in this file those are stored by
// maybeAuth. It therefore has to run after maybeAuth in the middleware chain;
// mounted without it, every request is refused.
func MustAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Only the presence of claims matters here; their content is left to
		// the wrapped handler.
		if _, authed := ClaimsFromContext(r.Context()); authed {
			next.ServeHTTP(w, r)
			return
		}

		render.Status(r, errCodeStatuses[ErrForbidden])
		render.JSON(w, r, APIError{
			Code:    ErrForbidden,
			Message: errCodeMessages[ErrForbidden],
		})
	})
}
// ClaimsFromContext returns the auth.Claims stored in ctx under ctxKeyClaims.
//
// The boolean is false when ctx holds no value for that key or when the stored
// value is not an auth.Claims; in both cases the returned Claims is the zero
// value, so callers must check the boolean before relying on it.
func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {
	// A type assertion on a nil interface value yields the zero value and
	// false, so the missing-key case needs no separate branch.
	stored, found := ctx.Value(ctxKeyClaims).(auth.Claims)
	return stored, found
}