neko/internal/session/auth.go
2021-03-15 13:01:35 +01:00

51 lines
950 B
Go

package session
import (
"fmt"
"net/http"
"strings"
"demodesk/neko/internal/types"
)
func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
token, ok := getToken(r)
if !ok {
return nil, fmt.Errorf("no authentication provided")
}
session, ok := manager.GetByToken(token)
if !ok {
return nil, fmt.Errorf("session not found")
}
if !session.Profile().CanLogin {
return nil, fmt.Errorf("login disabled")
}
return session, nil
}
func getToken(r *http.Request) (string, bool) {
// get from Header
reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer ")
if len(splitToken) == 2 {
return strings.TrimSpace(splitToken[1]), true
}
// get from Cookie
cookie, err := r.Cookie("NEKO_SESSION")
if err == nil {
return cookie.Value, true
}
// get from URL
token := r.URL.Query().Get("token")
if token != "" {
return token, true
}
return "", false
}