forked from electricdusk/rushlink
improve rl.authenticateUser
This commit is contained in:
parent
f5e107e3a0
commit
8f5ce1d9fc
35
handlers.go
35
handlers.go
@ -246,22 +246,11 @@ func (rl *rushlink) viewActionSuccess(w http.ResponseWriter, r *http.Request, p
|
||||
|
||||
func (rl *rushlink) newPasteHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// Check if the user is authenticated
|
||||
username, password, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
// User is not authenticated, return a 401 Unauthorized response
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
user := rl.authenticateUser(w, r, false, nil)
|
||||
if user == nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Authenticate the user
|
||||
user, err := db.Authenticate(rl.db, username, password)
|
||||
if err != nil {
|
||||
// Authentication failed, return a 401 Unauthorized response
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
if err := r.ParseMultipartForm(formParseMaxMemory); err != nil {
|
||||
msg := fmt.Sprintf("could not parse form: %v\n", err)
|
||||
rl.renderError(w, r, http.StatusBadRequest, msg)
|
||||
@ -322,25 +311,33 @@ func (rl *rushlink) createUserHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
}
|
||||
|
||||
func (rl *rushlink) setWWWAuthenticate(w http.ResponseWriter, r *http.Request) {
|
||||
// Set authentication headers for Basic Authentication
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
func (rl *rushlink) authenticateUser(w http.ResponseWriter, r *http.Request, shouldBeAdmin bool, canAlsoBe *string) *db.User {
|
||||
// Check if the user is authenticated
|
||||
username, password, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
// User is not authenticated, return a 401 Unauthorized response
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
rl.setWWWAuthenticate(w, r)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Authenticate the user
|
||||
user, err := db.Authenticate(rl.db, username, password)
|
||||
if err != nil || (shouldBeAdmin && !user.Admin && (canAlsoBe == nil || *canAlsoBe != user.User)) {
|
||||
// Authentication failed, return a 401 Unauthorized response
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
if err != nil {
|
||||
rl.setWWWAuthenticate(w, r)
|
||||
log.Printf("authentication failure: %s", err)
|
||||
return nil
|
||||
}
|
||||
|
||||
if (shouldBeAdmin && !user.Admin && (canAlsoBe == nil || *canAlsoBe != user.User)) {
|
||||
// Authentication failed, return a 401 Unauthorized response
|
||||
rl.setWWWAuthenticate(w, r)
|
||||
log.Printf("user '%s' should be admin (or '%s'), but isn't", username, canAlsoBe)
|
||||
return nil
|
||||
}
|
||||
return user
|
||||
|
Loading…
Reference in New Issue
Block a user