parent
8ee314b0bb
commit
daf401a2f7
9 changed files with 73 additions and 61 deletions
|
@ -7,9 +7,10 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
httputil "git.mstar.dev/mstar/goutils/http"
|
||||
"github.com/rs/zerolog/hlog"
|
||||
"github.com/rs/zerolog/log"
|
||||
"git.mstar.dev/mstar/goutils/other"
|
||||
|
||||
"git.mstar.dev/mstar/linstrom/config"
|
||||
"git.mstar.dev/mstar/linstrom/storage"
|
||||
)
|
||||
|
@ -68,7 +69,7 @@ func passkeyIdToAccountIdTransformerMiddleware(handler http.Handler) http.Handle
|
|||
log := hlog.FromRequest(r)
|
||||
passkeyId, ok := r.Context().Value(ContextKeyPasskeyUsername).(string)
|
||||
if !ok {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdMissingContextValue,
|
||||
"Actor name missing",
|
||||
|
@ -79,7 +80,7 @@ func passkeyIdToAccountIdTransformerMiddleware(handler http.Handler) http.Handle
|
|||
log.Debug().Bytes("passkey-bytes", []byte(passkeyId)).Msg("Id from passkey auth")
|
||||
acc, err := s.FindAccountByPasskeyId([]byte(passkeyId))
|
||||
if err != nil {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdDbFailure,
|
||||
"Failed to get account from storage",
|
||||
|
@ -95,7 +96,7 @@ func passkeyIdToAccountIdTransformerMiddleware(handler http.Handler) http.Handle
|
|||
func profilingAuthenticationMiddleware(handler http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.FormValue("password") != config.GlobalConfig.Admin.ProfilingPassword {
|
||||
other.HttpErr(w, HttpErrIdNotAuthenticated, "Bad password", http.StatusUnauthorized)
|
||||
httputil.HttpErr(w, HttpErrIdNotAuthenticated, "Bad password", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
handler.ServeHTTP(w, r)
|
||||
|
@ -166,7 +167,7 @@ func requireValidSessionMiddleware(
|
|||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
_, ok := r.Context().Value(ContextKeyActorId).(string)
|
||||
if !ok {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Not authenticated",
|
||||
|
@ -183,7 +184,7 @@ func buildRequirePermissionsMiddleware(permissionRole *storage.Role) HandlerBuil
|
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
accId, ok := r.Context().Value(ContextKeyActorId).(string)
|
||||
if !ok {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Not authenticated",
|
||||
|
@ -201,7 +202,7 @@ func buildRequirePermissionsMiddleware(permissionRole *storage.Role) HandlerBuil
|
|||
Err(err).
|
||||
Str("account-id", accId).
|
||||
Msg("Error while getting account from session")
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdDbFailure,
|
||||
"Error while getting account from session",
|
||||
|
@ -212,7 +213,7 @@ func buildRequirePermissionsMiddleware(permissionRole *storage.Role) HandlerBuil
|
|||
roles, err := store.FindRolesByNames(acc.Roles)
|
||||
// Assumption: There will always be at least two roles per user, default user and user-specific one
|
||||
if err != nil {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdDbFailure,
|
||||
"Failed to get roles for account",
|
||||
|
@ -222,7 +223,7 @@ func buildRequirePermissionsMiddleware(permissionRole *storage.Role) HandlerBuil
|
|||
}
|
||||
collapsedRole := storage.CollapseRolesIntoOne(roles...)
|
||||
if !storage.CompareRoles(&collapsedRole, permissionRole) {
|
||||
other.HttpErr(
|
||||
httputil.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Insufficient permisions",
|
||||
|
|
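Review bot: In profilingAuthenticationMiddleware the guard `r.FormValue("password") != config.GlobalConfig.Admin.ProfilingPassword` is left as it was, and it lets a request with no password through whenever ProfilingPassword is empty; whether the config loader rejects an empty value is not visible here. The `!=` comparison is also not constant-time, and FormValue accepts the value from the URL query, where it tends to end up in access logs. I would read it with `pw := r.PostFormValue("password")` and guard with `if want == "" || subtle.ConstantTimeCompare([]byte(pw), []byte(want)) != 1 {`, where `want` is the configured password, which needs `crypto/subtle` in the import block. The function's closing lines are outside the hunk.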