neko/internal/session/auth.go

package session

import (
	"fmt"
	"net/http"
	"strings"

	"demodesk/neko/internal/types"
	"demodesk/neko/internal/utils"
)

const (
	token_name = "password"
)

func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
	token := getToken(r)
	if token == "" {
		return nil, fmt.Errorf("no password provided")
	}

	isAdmin := (token == manager.config.AdminPassword)
	isUser := (token == manager.config.Password)

	if !isAdmin && !isUser {
		return nil, fmt.Errorf("invalid password")
	}

	id, err := utils.NewUID(32)
	if err != nil {
		return nil, err
	}

	return manager.New(id, isAdmin), nil
}

func getToken(r *http.Request) string {
	// Get token from query
	if token := r.URL.Query().Get(token_name); token != "" {
		return token
	}

	// Get token from authorization header
	bearer := r.Header.Get("Authorization")
	if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
		return bearer[7:]
	}

	// Get token from cookie
	cookie, err := r.Cookie(token_name)
	if err == nil {
		return cookie.Value
	}

	return ""
}
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`package session`

			`import (`
			`"fmt"`
			`"net/http"`
refactor WS authentication. 2020-11-02 08:23:09 +13:00			`"strings"`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00
refactor WS authentication. 2020-11-02 08:23:09 +13:00			`"demodesk/neko/internal/types"`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`"demodesk/neko/internal/utils"`
			`)`

refactor WS authentication. 2020-11-02 08:23:09 +13:00			`const (`
			`token_name = "password"`
			`)`

			`func (manager SessionManagerCtx) Authenticate(r http.Request) (types.Session, error) {`
			`token := getToken(r)`
			`if token == "" {`
			`return nil, fmt.Errorf("no password provided")`
			`}`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00
refactor WS authentication. 2020-11-02 08:23:09 +13:00			`isAdmin := (token == manager.config.AdminPassword)`
			`isUser := (token == manager.config.Password)`

			`if !isAdmin && !isUser {`
			`return nil, fmt.Errorf("invalid password")`
			`}`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00
			`id, err := utils.NewUID(32)`
			`if err != nil {`
refactor WS authentication. 2020-11-02 08:23:09 +13:00			`return nil, err`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`

refactor WS authentication. 2020-11-02 08:23:09 +13:00			`return manager.New(id, isAdmin), nil`
			`}`

			`func getToken(r *http.Request) string {`
			`// Get token from query`
			`if token := r.URL.Query().Get(token_name); token != "" {`
			`return token`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`

refactor WS authentication. 2020-11-02 08:23:09 +13:00			`// Get token from authorization header`
			`bearer := r.Header.Get("Authorization")`
			`if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {`
			`return bearer[7:]`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`

refactor WS authentication. 2020-11-02 08:23:09 +13:00			`// Get token from cookie`
			`cookie, err := r.Cookie(token_name)`
			`if err == nil {`
			`return cookie.Value`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`

refactor WS authentication. 2020-11-02 08:23:09 +13:00			`return ""`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`