neko/server/pkg/auth/auth.go

108 lines
2.8 KiB
Go
Raw Normal View History

2020-11-17 07:37:52 +13:00
package auth
import (
"context"
2022-05-12 10:12:15 +12:00
"fmt"
2020-11-17 07:37:52 +13:00
"net/http"
"github.com/demodesk/neko/pkg/types"
"github.com/demodesk/neko/pkg/utils"
2020-11-17 07:37:52 +13:00
)
type key int
2021-09-03 07:37:24 +12:00
const keySessionCtx key = iota
2020-11-17 07:37:52 +13:00
2021-09-17 10:58:50 +12:00
func SetSession(r *http.Request, session types.Session) context.Context {
return context.WithValue(r.Context(), keySessionCtx, session)
2020-11-17 07:37:52 +13:00
}
2021-09-17 10:58:50 +12:00
func GetSession(r *http.Request) (types.Session, bool) {
session, ok := r.Context().Value(keySessionCtx).(types.Session)
return session, ok
2020-11-17 07:37:52 +13:00
}
2021-09-17 10:58:50 +12:00
func AdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || !session.Profile().IsAdmin {
return nil, utils.HttpForbidden("session is not admin")
}
return nil, nil
2020-11-17 07:37:52 +13:00
}
2021-09-17 10:58:50 +12:00
func HostsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || !session.IsHost() {
return nil, utils.HttpForbidden("session is not host")
}
return nil, nil
2020-11-17 07:37:52 +13:00
}
2024-07-22 00:53:55 +12:00
func HostsOrAdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || (!session.IsHost() && !session.Profile().IsAdmin) {
return nil, utils.HttpForbidden("session is not host or admin")
}
return nil, nil
}
2021-09-17 10:58:50 +12:00
func CanWatchOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || !session.Profile().CanWatch {
return nil, utils.HttpForbidden("session cannot watch")
}
return nil, nil
2020-11-17 07:37:52 +13:00
}
2020-12-30 10:00:28 +13:00
2021-09-17 10:58:50 +12:00
func CanHostOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || !session.Profile().CanHost {
return nil, utils.HttpForbidden("session cannot host")
}
2022-03-27 11:20:38 +13:00
if session.PrivateModeEnabled() {
return nil, utils.HttpUnprocessableEntity("private mode is enabled")
}
2021-09-17 10:58:50 +12:00
return nil, nil
2020-12-30 10:00:28 +13:00
}
2021-01-22 08:44:09 +13:00
2021-09-17 10:58:50 +12:00
func CanAccessClipboardOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok || !session.Profile().CanAccessClipboard {
return nil, utils.HttpForbidden("session cannot access clipboard")
}
return nil, nil
2021-01-22 08:44:09 +13:00
}
2022-05-12 10:12:15 +12:00
2022-05-14 10:30:58 +12:00
func PluginsGenericOnly[V comparable](key string, exp V) func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
2022-05-12 10:12:15 +12:00
return func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
session, ok := GetSession(r)
if !ok {
return nil, utils.HttpForbidden("session not found")
}
plugins := session.Profile().Plugins
2022-05-14 10:30:58 +12:00
2022-10-26 09:46:21 +13:00
if plugins[key] == nil {
return nil, utils.HttpForbidden(fmt.Sprintf("missing plugin permission: %s=%T", key, exp))
}
2022-05-14 10:30:58 +12:00
val, ok := plugins[key].(V)
if !ok {
2022-10-26 09:46:21 +13:00
return nil, utils.HttpForbidden(fmt.Sprintf("invalid plugin permission type: %s=%T expected %T", key, plugins[key], exp))
2022-05-12 10:12:15 +12:00
}
2022-05-14 10:30:58 +12:00
if val != exp {
2022-10-26 09:46:21 +13:00
return nil, utils.HttpForbidden(fmt.Sprintf("wrong plugin permission value for %s=%T", key, exp))
2022-05-14 10:30:58 +12:00
}
2022-05-12 10:12:15 +12:00
return nil, nil
}
}