2020-11-17 07:37:52 +13:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2022-05-12 10:12:15 +12:00
|
|
|
"fmt"
|
2020-11-17 07:37:52 +13:00
|
|
|
"net/http"
|
|
|
|
|
2022-03-20 23:43:00 +13:00
|
|
|
"gitlab.com/demodesk/neko/server/pkg/types"
|
|
|
|
"gitlab.com/demodesk/neko/server/pkg/utils"
|
2020-11-17 07:37:52 +13:00
|
|
|
)
|
|
|
|
|
|
|
|
type key int
|
|
|
|
|
2021-09-03 07:37:24 +12:00
|
|
|
const keySessionCtx key = iota
|
2020-11-17 07:37:52 +13:00
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func SetSession(r *http.Request, session types.Session) context.Context {
|
|
|
|
return context.WithValue(r.Context(), keySessionCtx, session)
|
2020-11-17 07:37:52 +13:00
|
|
|
}
|
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func GetSession(r *http.Request) (types.Session, bool) {
|
|
|
|
session, ok := r.Context().Value(keySessionCtx).(types.Session)
|
|
|
|
return session, ok
|
2020-11-17 07:37:52 +13:00
|
|
|
}
|
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func AdminsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok || !session.Profile().IsAdmin {
|
|
|
|
return nil, utils.HttpForbidden("session is not admin")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
2020-11-17 07:37:52 +13:00
|
|
|
}
|
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func HostsOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok || !session.IsHost() {
|
|
|
|
return nil, utils.HttpForbidden("session is not host")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
2020-11-17 07:37:52 +13:00
|
|
|
}
|
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func CanWatchOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok || !session.Profile().CanWatch {
|
|
|
|
return nil, utils.HttpForbidden("session cannot watch")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
2020-11-17 07:37:52 +13:00
|
|
|
}
|
2020-12-30 10:00:28 +13:00
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func CanHostOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok || !session.Profile().CanHost {
|
|
|
|
return nil, utils.HttpForbidden("session cannot host")
|
|
|
|
}
|
|
|
|
|
2022-03-27 11:20:38 +13:00
|
|
|
if session.PrivateModeEnabled() {
|
|
|
|
return nil, utils.HttpUnprocessableEntity("private mode is enabled")
|
|
|
|
}
|
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
return nil, nil
|
2020-12-30 10:00:28 +13:00
|
|
|
}
|
2021-01-22 08:44:09 +13:00
|
|
|
|
2021-09-17 10:58:50 +12:00
|
|
|
func CanAccessClipboardOnly(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok || !session.Profile().CanAccessClipboard {
|
|
|
|
return nil, utils.HttpForbidden("session cannot access clipboard")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
2021-01-22 08:44:09 +13:00
|
|
|
}
|
2022-05-12 10:12:15 +12:00
|
|
|
|
2022-05-14 10:30:58 +12:00
|
|
|
func PluginsGenericOnly[V comparable](key string, exp V) func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
2022-05-12 10:12:15 +12:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) (context.Context, error) {
|
|
|
|
session, ok := GetSession(r)
|
|
|
|
if !ok {
|
|
|
|
return nil, utils.HttpForbidden("session not found")
|
|
|
|
}
|
|
|
|
|
|
|
|
plugins := session.Profile().Plugins
|
2022-05-14 10:30:58 +12:00
|
|
|
|
|
|
|
val, ok := plugins[key].(V)
|
|
|
|
if !ok {
|
|
|
|
return nil, utils.HttpForbidden(fmt.Sprintf("%s is %T, but expected %T", key, plugins[key], exp))
|
2022-05-12 10:12:15 +12:00
|
|
|
}
|
2022-05-14 10:30:58 +12:00
|
|
|
|
|
|
|
if val != exp {
|
|
|
|
return nil, utils.HttpForbidden(fmt.Sprintf("%s is set to %v, but expected %v", key, val, exp))
|
|
|
|
}
|
|
|
|
|
2022-05-12 10:12:15 +12:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
}
|