introduce REST API authorization.

2024-07-24 14:40:50 +12:00 · 2020-11-16 19:37:52 +01:00
parent 316533dab0
commit 0dab2a99d3
3 changed files with 64 additions and 18 deletions
--- a/internal/http/auth/auth.go
+++ b/internal/http/auth/auth.go
@ -0,0 +1,57 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+
+	"demodesk/neko/internal/types"
+	"demodesk/neko/internal/utils"
+)
+
+type key int
+
+const (
+    keySessionCtx key = iota
+)
+
+func SetSession(r *http.Request, session types.Session) *http.Request {
+	ctx := context.WithValue(r.Context(), keySessionCtx, session)
+	return r.WithContext(ctx)
+}
+
+func GetSession(r *http.Request) types.Session {
+	return r.Context().Value(keySessionCtx).(types.Session)
+}
+
+func AdminsOnly(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session := GetSession(r)
+		if !session.Admin() {
+			utils.HttpNotAuthorized(w)
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}
+
+func HostsOnly(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session := GetSession(r)
+		if !session.IsHost() {
+			utils.HttpNotAuthorized(w, "Only host can do this.")
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}
+
+func HostsOrAdminsOnly(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session := GetSession(r)
+		if !session.IsHost() && !session.Admin() {
+			utils.HttpNotAuthorized(w, "Only host can do this.")
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}