middleware/middleware.go (raw)
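// Package middleware provides http.Handler wrappers for session checks,
// login/logout flows and CSRF token handling on top of auth.UserStore and
// the cookie helpers.
package middleware

import (
	"context"
	"crypto/subtle"
	"fmt"
	"net/http"

	"nilfm.cc/git/quartzgun/auth"
	"nilfm.cc/git/quartzgun/cookie"
)

// Protected wraps next so that it is only reached by requests carrying a
// "user" cookie and a "session" cookie that userStore validates. On success
// the request method is overwritten with method before next runs; otherwise
// the client is redirected (303) to login as a GET.
func Protected(next http.Handler, method string, userStore auth.UserStore, login string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		if user, ok := sessionUser(req, userStore); ok {
			fmt.Printf("authorized!\n")
			// Log the user only: the session token is a bearer credential
			// and must not end up in stdout/log aggregation.
			fmt.Printf("user: %s\n", user)
			req.Method = method
			next.ServeHTTP(w, req)
			return
		}
		fmt.Printf("unauthorized...\n")
		req.Method = http.MethodGet
		http.Redirect(w, req, login, http.StatusSeeOther)
	}
	return http.HandlerFunc(handlerFunc)
}

// sessionUser returns the user named by the "user" cookie and true when the
// accompanying "session" cookie validates against userStore; any missing
// cookie, store error or failed validation yields ("", false).
func sessionUser(req *http.Request, userStore auth.UserStore) (string, bool) {
	user, err := cookie.GetToken("user", req)
	if err != nil {
		return "", false
	}
	session, err := cookie.GetToken("session", req)
	if err != nil {
		return "", false
	}
	valid, err := userStore.ValidateUser(user, session)
	if err != nil || !valid {
		return "", false
	}
	return user, true
}

// Bunt logs out the user named by the "user" cookie via auth.Logout and
// redirects (303) to next on success. When there is no user cookie or the
// logout fails, it responds with a 401 whose Location points at denied.
func Bunt(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		if user, err := cookie.GetToken("user", req); err == nil {
			if err := auth.Logout(user, userStore, w); err == nil {
				req.Method = http.MethodGet
				http.Redirect(w, req, next, http.StatusSeeOther)
				return
			}
		}
		req.Method = http.MethodGet
		// NOTE(review): 401 is not a 3xx, so browsers will not follow the
		// Location header; they render the link body http.Redirect writes
		// for GET. Kept as-is since callers may rely on the 401.
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}
	return http.HandlerFunc(handlerFunc)
}

// Authorize attempts auth.Login with the "user" and "password" form values.
// It redirects (303, as GET) to next on success and to denied on failure.
func Authorize(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		username := req.FormValue("user")
		// 24*7*52: presumably a session lifetime in hours (about one year);
		// confirm the unit against auth.Login.
		err := auth.Login(username, req.FormValue("password"), userStore, w, 24*7*52)
		req.Method = http.MethodGet
		if err != nil {
			fmt.Printf("login failed!\n")
			http.Redirect(w, req, denied, http.StatusSeeOther)
			return
		}
		fmt.Printf("logged in as %s\n", username)
		http.Redirect(w, req, next, http.StatusSeeOther)
	}
	return http.HandlerFunc(handlerFunc)
}

// Fortify copies the "csrfToken" cookie, when present, into the request
// context under the key "csrfToken" so downstream handlers and templates
// can read it, then always calls next.
func Fortify(next http.Handler) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		if token, err := cookie.GetToken("csrfToken", req); err == nil {
			// The string key is what consumers read via
			// req.Context().Value("csrfToken"); a typed key would be the
			// vet-clean form but would break those readers, so it stays.
			// The derived request is copied back over *req so the caller's
			// pointer observes the new context.
			*req = *req.WithContext(context.WithValue(req.Context(), "csrfToken", token))
		}
		next.ServeHTTP(w, req)
	}
	return http.HandlerFunc(handlerFunc)
}

// Defend admits the request to next only when the "csrfToken" form value
// equals both the "csrfToken" cookie and the token stored for the user in
// userStore (double-submit plus server-side copy). Otherwise it responds
// with 401 and a Location of denied.
func Defend(next http.Handler, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		if csrfTokenValid(req, userStore) {
			next.ServeHTTP(w, req)
			return
		}
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}
	return http.HandlerFunc(handlerFunc)
}

// csrfTokenValid reports whether the form token matches both the cookie
// token and the user's stored token. Comparisons are constant-time, and a
// missing, non-string or empty stored token never validates, so a store
// without a token cannot be satisfied by an empty submission.
func csrfTokenValid(req *http.Request, userStore auth.UserStore) bool {
	user, err := cookie.GetToken("user", req)
	if err != nil {
		return false
	}
	stored, err := userStore.GetData(user, "csrfToken")
	if err != nil {
		return false
	}
	// Checked assertion: the original unchecked .(string) would panic the
	// handler goroutine on a non-string value.
	masterToken, ok := stored.(string)
	if !ok || masterToken == "" {
		return false
	}
	cookieToken, err := cookie.GetToken("csrfToken", req)
	if err != nil {
		return false
	}
	formToken := []byte(req.FormValue("csrfToken"))
	return subtle.ConstantTimeCompare(formToken, []byte(cookieToken)) == 1 &&
		subtle.ConstantTimeCompare(formToken, []byte(masterToken)) == 1
}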