42 lines
1.1 KiB
Go
42 lines
1.1 KiB
Go
|
package serve
|
||
|
|
|
||
|
|
import (
|
||
|
|
"context"
|
||
|
|
"net/http"
|
||
|
|
"strings"
|
||
|
|
)
|
||
|
|
|
||
|
|
type contextKey string
|
||
|
|
|
||
|
|
const userContextKey contextKey = "ax_user"
|
||
|
|
|
||
|
|
// withSessionAuth wraps a handler with ax session token authentication.
|
||
|
|
// Auth endpoints (/auth/*) are passed through without a token check.
|
||
|
|
// All other requests must supply Authorization: Bearer <server_token>.
|
||
|
|
func withSessionAuth(ah *authHandler, next http.Handler) http.Handler {
|
||
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
|
if strings.HasPrefix(r.URL.Path, "/auth/") {
|
||
|
|
next.ServeHTTP(w, r)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
auth := r.Header.Get("Authorization")
|
||
|
|
if !strings.HasPrefix(auth, "Bearer ") {
|
||
|
|
writeError(w, http.StatusUnauthorized, "Bearer token required")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
token := strings.TrimPrefix(auth, "Bearer ")
|
||
|
|
username := ah.lookupSession(token)
|
||
|
|
if username == "" {
|
||
|
|
writeError(w, http.StatusUnauthorized, "invalid or expired session; run 'ax login'")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
ctx := context.WithValue(r.Context(), userContextKey, username)
|
||
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
func userFromContext(r *http.Request) string {
|
||
|
|
v, _ := r.Context().Value(userContextKey).(string)
|
||
|
|
return v
|
||
|
|
}
|