neko/server/pkg/auth/auth.go

package auth

import (
	"context"
	"fmt"
	"net/http"

	"github.com/demodesk/neko/pkg/types"
	"github.com/demodesk/neko/pkg/utils"
)

type key int

const keySessionCtx key = iota

func SetSession(r *http.Request, session types.Session) context.Context {
	return context.WithValue(r.Context(), keySessionCtx, session)
}

func GetSession(r *http.Request) (types.Session, bool) {
	session, ok := r.Context().Value(keySessionCtx).(types.Session)
	return session, ok
}

func AdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || !session.Profile().IsAdmin {
		return nil, utils.HttpForbidden("session is not admin")
	}

	return nil, nil
}

func HostsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || !session.IsHost() {
		return nil, utils.HttpForbidden("session is not host")
	}

	return nil, nil
}

func HostsOrAdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || (!session.IsHost() && !session.Profile().IsAdmin) {
		return nil, utils.HttpForbidden("session is not host or admin")
	}

	return nil, nil
}

func CanWatchOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || !session.Profile().CanWatch {
		return nil, utils.HttpForbidden("session cannot watch")
	}

	return nil, nil
}

func CanHostOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || !session.Profile().CanHost {
		return nil, utils.HttpForbidden("session cannot host")
	}

	if session.PrivateModeEnabled() {
		return nil, utils.HttpUnprocessableEntity("private mode is enabled")
	}

	return nil, nil
}

func CanAccessClipboardOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	session, ok := GetSession(r)
	if !ok || !session.Profile().CanAccessClipboard {
		return nil, utils.HttpForbidden("session cannot access clipboard")
	}

	return nil, nil
}

func PluginsGenericOnly[V comparable](key string, exp V) func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
	return func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
		session, ok := GetSession(r)
		if !ok {
			return nil, utils.HttpForbidden("session not found")
		}

		plugins := session.Profile().Plugins

		if plugins[key] == nil {
			return nil, utils.HttpForbidden(fmt.Sprintf("missing plugin permission: %s=%T", key, exp))
		}

		val, ok := plugins[key].(V)
		if !ok {
			return nil, utils.HttpForbidden(fmt.Sprintf("invalid plugin permission type: %s=%T expected %T", key, plugins[key], exp))
		}

		if val != exp {
			return nil, utils.HttpForbidden(fmt.Sprintf("wrong plugin permission value for %s=%T", key, exp))
		}

		return nil, nil
	}
}
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`package auth`

			`import (`
			`"context"`
plugins generic only. 2022-05-12 10:12:15 +12:00			`"fmt"`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`"net/http"`

rename module name from gitlab to github. 2022-07-14 10:58:22 +12:00			`"github.com/demodesk/neko/pkg/types"`
			`"github.com/demodesk/neko/pkg/utils"`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`)`

			`type key int`

code fmt change. 2021-09-03 07:37:24 +12:00			`const keySessionCtx key = iota`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00
use custom logger. 2021-09-17 10:58:50 +12:00			`func SetSession(r *http.Request, session types.Session) context.Context {`
			`return context.WithValue(r.Context(), keySessionCtx, session)`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`}`

use custom logger. 2021-09-17 10:58:50 +12:00			`func GetSession(r *http.Request) (types.Session, bool) {`
			`session, ok := r.Context().Value(keySessionCtx).(types.Session)`
			`return session, ok`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`}`

use custom logger. 2021-09-17 10:58:50 +12:00			`func AdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| !session.Profile().IsAdmin {`
			`return nil, utils.HttpForbidden("session is not admin")`
			`}`

			`return nil, nil`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`}`

use custom logger. 2021-09-17 10:58:50 +12:00			`func HostsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| !session.IsHost() {`
			`return nil, utils.HttpForbidden("session is not host")`
			`}`

			`return nil, nil`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`}`

fix control give for users. 2024-07-22 00:53:55 +12:00			`func HostsOrAdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| (!session.IsHost() && !session.Profile().IsAdmin) {`
			`return nil, utils.HttpForbidden("session is not host or admin")`
			`}`

			`return nil, nil`
			`}`

use custom logger. 2021-09-17 10:58:50 +12:00			`func CanWatchOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| !session.Profile().CanWatch {`
			`return nil, utils.HttpForbidden("session cannot watch")`
			`}`

			`return nil, nil`
introduce REST API authorization. 2020-11-17 07:37:52 +13:00			`}`
add CanHostOnly. 2020-12-30 10:00:28 +13:00
use custom logger. 2021-09-17 10:58:50 +12:00			`func CanHostOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| !session.Profile().CanHost {`
			`return nil, utils.HttpForbidden("session cannot host")`
			`}`

private mode implementation. 2022-03-27 11:20:38 +13:00			`if session.PrivateModeEnabled() {`
			`return nil, utils.HttpUnprocessableEntity("private mode is enabled")`
			`}`

use custom logger. 2021-09-17 10:58:50 +12:00			`return nil, nil`
add CanHostOnly. 2020-12-30 10:00:28 +13:00			`}`
generate screenshot using Xlib. 2021-01-22 08:44:09 +13:00
use custom logger. 2021-09-17 10:58:50 +12:00			`func CanAccessClipboardOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok \|\| !session.Profile().CanAccessClipboard {`
			`return nil, utils.HttpForbidden("session cannot access clipboard")`
			`}`

			`return nil, nil`
generate screenshot using Xlib. 2021-01-22 08:44:09 +13:00			`}`
plugins generic only. 2022-05-12 10:12:15 +12:00
PluginsGenericOnly debug types. 2022-05-14 10:30:58 +12:00			`func PluginsGenericOnly[V comparable](key string, exp V) func(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
plugins generic only. 2022-05-12 10:12:15 +12:00			`return func(w http.ResponseWriter, r *http.Request) (context.Context, error) {`
			`session, ok := GetSession(r)`
			`if !ok {`
			`return nil, utils.HttpForbidden("session not found")`
			`}`

			`plugins := session.Profile().Plugins`
PluginsGenericOnly debug types. 2022-05-14 10:30:58 +12:00
fix generic plugin error message. 2022-10-26 09:46:21 +13:00			`if plugins[key] == nil {`
			`return nil, utils.HttpForbidden(fmt.Sprintf("missing plugin permission: %s=%T", key, exp))`
			`}`

PluginsGenericOnly debug types. 2022-05-14 10:30:58 +12:00			`val, ok := plugins[key].(V)`
			`if !ok {`
fix generic plugin error message. 2022-10-26 09:46:21 +13:00			`return nil, utils.HttpForbidden(fmt.Sprintf("invalid plugin permission type: %s=%T expected %T", key, plugins[key], exp))`
plugins generic only. 2022-05-12 10:12:15 +12:00			`}`
PluginsGenericOnly debug types. 2022-05-14 10:30:58 +12:00
			`if val != exp {`
fix generic plugin error message. 2022-10-26 09:46:21 +13:00			`return nil, utils.HttpForbidden(fmt.Sprintf("wrong plugin permission value for %s=%T", key, exp))`
PluginsGenericOnly debug types. 2022-05-14 10:30:58 +12:00			`}`

plugins generic only. 2022-05-12 10:12:15 +12:00			`return nil, nil`
			`}`
			`}`