neko/internal/session/auth.go

package session

import (
	"fmt"
	"net/http"
	"strings"

	"demodesk/neko/internal/types"
)

func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
	token, ok := getToken(r)
	if !ok {
		return nil, fmt.Errorf("no authentication provided")
	}

	session, ok := manager.GetByToken(token)
	if !ok {
		return nil, fmt.Errorf("session not found")
	}

	if !session.Profile().CanLogin {
		return nil, fmt.Errorf("login disabled")
	}

	return session, nil
}

func getToken(r *http.Request) (string, bool) {
	// get from Header
	reqToken := r.Header.Get("Authorization")
	splitToken := strings.Split(reqToken, "Bearer ")
	if len(splitToken) == 2 {
		return strings.TrimSpace(splitToken[1]), true
	}

	// get from Cookie
	cookie, err := r.Cookie("NEKO_SESSION")
	if err == nil {
		return cookie.Value, true
	}

	// get from URL
	token := r.URL.Query().Get("token")
	if token != "" {
		return token, true
	}

	return "", false
}
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`package session`

			`import (`
			`"fmt"`
			`"net/http"`
fmt auth. 2021-03-14 09:44:38 +13:00			`"strings"`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00
refactor WS authentication. 2020-11-02 08:23:09 +13:00			`"demodesk/neko/internal/types"`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`)`

refactor authenticate to use Token. 2021-03-14 08:42:56 +13:00			`func (manager SessionManagerCtx) Authenticate(r http.Request) (types.Session, error) {`
			`token, ok := getToken(r)`
login with secret. 2020-11-28 07:59:54 +13:00			`if !ok {`
			`return nil, fmt.Errorf("no authentication provided")`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`

OnHostChanged event and add tokens to session. 2021-03-14 10:17:49 +13:00			`session, ok := manager.GetByToken(token)`
login with secret. 2020-11-28 07:59:54 +13:00			`if !ok {`
refactor authenticate to use Token. 2021-03-14 08:42:56 +13:00			`return nil, fmt.Errorf("session not found")`
+ CanLogin. 2020-12-07 06:48:50 +13:00			`}`

add CanLogin check for Authenticate. 2021-03-15 07:58:15 +13:00			`if !session.Profile().CanLogin {`
			`return nil, fmt.Errorf("login disabled")`
			`}`

login with secret. 2020-11-28 07:59:54 +13:00			`return session, nil`
auth moved from websockets to session. 2020-11-02 06:39:12 +13:00			`}`
allow login using Query. 2020-11-29 03:22:04 +13:00
refactor authenticate to use Token. 2021-03-14 08:42:56 +13:00			`func getToken(r *http.Request) (string, bool) {`
			`// get from Header`
			`reqToken := r.Header.Get("Authorization")`
			`splitToken := strings.Split(reqToken, "Bearer ")`
			`if len(splitToken) == 2 {`
			`return strings.TrimSpace(splitToken[1]), true`
allow login using Query. 2020-11-29 03:22:04 +13:00			`}`

change authorization methods request priorities. 2021-03-16 01:01:35 +13:00			`// get from Cookie`
			`cookie, err := r.Cookie("NEKO_SESSION")`
			`if err == nil {`
			`return cookie.Value, true`
			`}`

refactor authenticate to use Token. 2021-03-14 08:42:56 +13:00			`// get from URL`
			`token := r.URL.Query().Get("token")`
			`if token != "" {`
			`return token, true`
allow login using Query. 2020-11-29 03:22:04 +13:00			`}`

refactor authenticate to use Token. 2021-03-14 08:42:56 +13:00			`return "", false`
format Go source code. 2021-02-15 02:40:17 +13:00			`}`