improve rl.authenticateUser
This commit is contained in:
parent
f5e107e3a0
commit
8f5ce1d9fc
39
handlers.go
39
handlers.go
@ -246,22 +246,11 @@ func (rl *rushlink) viewActionSuccess(w http.ResponseWriter, r *http.Request, p
|
|||||||
|
|
||||||
func (rl *rushlink) newPasteHandler(w http.ResponseWriter, r *http.Request) {
|
func (rl *rushlink) newPasteHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
// Check if the user is authenticated
|
// Check if the user is authenticated
|
||||||
username, password, ok := r.BasicAuth()
|
user := rl.authenticateUser(w, r, false, nil)
|
||||||
if !ok {
|
if user == nil {
|
||||||
// User is not authenticated, return a 401 Unauthorized response
|
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Authenticate the user
|
|
||||||
user, err := db.Authenticate(rl.db, username, password)
|
|
||||||
if err != nil {
|
|
||||||
// Authentication failed, return a 401 Unauthorized response
|
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if err := r.ParseMultipartForm(formParseMaxMemory); err != nil {
|
if err := r.ParseMultipartForm(formParseMaxMemory); err != nil {
|
||||||
msg := fmt.Sprintf("could not parse form: %v\n", err)
|
msg := fmt.Sprintf("could not parse form: %v\n", err)
|
||||||
rl.renderError(w, r, http.StatusBadRequest, msg)
|
rl.renderError(w, r, http.StatusBadRequest, msg)
|
||||||
@ -322,25 +311,33 @@ func (rl *rushlink) createUserHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
w.WriteHeader(http.StatusCreated)
|
w.WriteHeader(http.StatusCreated)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (rl *rushlink) setWWWAuthenticate(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Set authentication headers for Basic Authentication
|
||||||
|
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||||
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
}
|
||||||
|
|
||||||
func (rl *rushlink) authenticateUser(w http.ResponseWriter, r *http.Request, shouldBeAdmin bool, canAlsoBe *string) *db.User {
|
func (rl *rushlink) authenticateUser(w http.ResponseWriter, r *http.Request, shouldBeAdmin bool, canAlsoBe *string) *db.User {
|
||||||
// Check if the user is authenticated
|
// Check if the user is authenticated
|
||||||
username, password, ok := r.BasicAuth()
|
username, password, ok := r.BasicAuth()
|
||||||
if !ok {
|
if !ok {
|
||||||
// User is not authenticated, return a 401 Unauthorized response
|
// User is not authenticated, return a 401 Unauthorized response
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
rl.setWWWAuthenticate(w, r)
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Authenticate the user
|
// Authenticate the user
|
||||||
user, err := db.Authenticate(rl.db, username, password)
|
user, err := db.Authenticate(rl.db, username, password)
|
||||||
if err != nil || (shouldBeAdmin && !user.Admin && (canAlsoBe == nil || *canAlsoBe != user.User)) {
|
if err != nil {
|
||||||
|
rl.setWWWAuthenticate(w, r)
|
||||||
|
log.Printf("authentication failure: %s", err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if (shouldBeAdmin && !user.Admin && (canAlsoBe == nil || *canAlsoBe != user.User)) {
|
||||||
// Authentication failed, return a 401 Unauthorized response
|
// Authentication failed, return a 401 Unauthorized response
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
rl.setWWWAuthenticate(w, r)
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
log.Printf("user '%s' should be admin (or '%s'), but isn't", username, canAlsoBe)
|
||||||
if err != nil {
|
|
||||||
log.Printf("authentication failure: %s", err)
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return user
|
return user
|
||||||
|
Loading…
Reference in New Issue
Block a user