wakapi/middlewares/authenticate.go

package middlewares

import (
	"context"
	"fmt"
	conf "github.com/muety/wakapi/config"
	"github.com/muety/wakapi/models"
	"github.com/muety/wakapi/services"
	"github.com/muety/wakapi/utils"
	"net/http"
	"strings"
)

type AuthenticateMiddleware struct {
	config         *conf.Config
	userSrvc       services.IUserService
	whitelistPaths []string
}

func NewAuthenticateMiddleware(userService services.IUserService, whitelistPaths []string) *AuthenticateMiddleware {
	return &AuthenticateMiddleware{
		config:         conf.Get(),
		userSrvc:       userService,
		whitelistPaths: whitelistPaths,
	}
}

func (m *AuthenticateMiddleware) Handler(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		m.ServeHTTP(w, r, h.ServeHTTP)
	})
}

func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	for _, p := range m.whitelistPaths {
		if strings.HasPrefix(r.URL.Path, p) || r.URL.Path == p {
			next(w, r)
			return
		}
	}

	var user *models.User
	user, err := m.tryGetUserByCookie(r)

	if err != nil {
		user, err = m.tryGetUserByApiKey(r)
	}

	if err != nil {
		if strings.HasPrefix(r.URL.Path, "/api") {
			w.WriteHeader(http.StatusUnauthorized)
		} else {
			http.SetCookie(w, m.config.GetClearCookie(models.AuthCookieKey, "/"))
			http.Redirect(w, r, fmt.Sprintf("%s/?error=unauthorized", m.config.Server.BasePath), http.StatusFound)
		}
		return
	}

	ctx := context.WithValue(r.Context(), models.UserKey, user)
	next(w, r.WithContext(ctx))
}

func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) {
	key, err := utils.ExtractBearerAuth(r)
	if err != nil {
		return nil, err
	}

	var user *models.User
	userKey := strings.TrimSpace(key)
	user, err = m.userSrvc.GetUserByKey(userKey)
	if err != nil {
		return nil, err
	}
	return user, nil
}

func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) {
	username, err := utils.ExtractCookieAuth(r, m.config)
	if err != nil {
		return nil, err
	}

	user, err := m.userSrvc.GetUserById(*username)
	if err != nil {
		return nil, err
	}

	// no need to check password here, as securecookie decoding will fail anyway,
	// if cookie is not properly signed

	return user, nil
}
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`package middlewares`

			`import (`
			`"context"`
fix: base path for error redirects 2020-05-24 18:39:19 +03:00			`"fmt"`
chore: minor code restyling 2020-10-16 17:11:14 +03:00			`conf "github.com/muety/wakapi/config"`
fix: move caching out of authentication middleware 2021-01-22 01:19:17 +03:00			`"github.com/muety/wakapi/models"`
			`"github.com/muety/wakapi/services"`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`"github.com/muety/wakapi/utils"`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`"net/http"`
			`"strings"`
			`)`

			`type AuthenticateMiddleware struct {`
chore: minor code restyling 2020-10-16 17:11:14 +03:00			`config *conf.Config`
refactor: define interface types for all services and repositories 2020-11-08 12:12:49 +03:00			`userSrvc services.IUserService`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`whitelistPaths []string`
Add user cache in authentication middleware. 2019-05-21 15:23:41 +03:00			`}`

refactor: define interface types for all services and repositories 2020-11-08 12:12:49 +03:00			`func NewAuthenticateMiddleware(userService services.IUserService, whitelistPaths []string) *AuthenticateMiddleware {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`return &AuthenticateMiddleware{`
chore: minor code restyling 2020-10-16 17:11:14 +03:00			`config: conf.Get(),`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`userSrvc: userService,`
			`whitelistPaths: whitelistPaths,`
Add user cache in authentication middleware. 2019-05-21 15:23:41 +03:00			`}`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`}`

refactor: middlewares and get rid of negroni 2020-05-24 15:50:04 +03:00			`func (m *AuthenticateMiddleware) Handler(h http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`m.ServeHTTP(w, r, h.ServeHTTP)`
			`})`
			`}`

			`func (m AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r http.Request, next http.HandlerFunc) {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`for _, p := range m.whitelistPaths {`
Add health endpoint. 2020-04-08 22:29:11 +03:00			`if strings.HasPrefix(r.URL.Path, p) \|\| r.URL.Path == p {`
			`next(w, r)`
			`return`
			`}`
			`}`

Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`var user *models.User`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`user, err := m.tryGetUserByCookie(r)`
Support for username-password authentication. 2019-05-21 23:40:59 +03:00
			`if err != nil {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`user, err = m.tryGetUserByApiKey(r)`
Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`}`

			`if err != nil {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`if strings.HasPrefix(r.URL.Path, "/api") {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`} else {`
chore: set samesite attributes and configurable max age for cookies (resolve #75) fix: sort entities by total time descending (resolve #74) 2020-11-22 00:30:56 +03:00			`http.SetCookie(w, m.config.GetClearCookie(models.AuthCookieKey, "/"))`
refactor: migrate to new config (resolve #54) 2020-10-04 11:37:38 +03:00			`http.Redirect(w, r, fmt.Sprintf("%s/?error=unauthorized", m.config.Server.BasePath), http.StatusFound)`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`}`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`return`
			`}`

Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`ctx := context.WithValue(r.Context(), models.UserKey, user)`
			`next(w, r.WithContext(ctx))`
			`}`

refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`func (m AuthenticateMiddleware) tryGetUserByApiKey(r http.Request) (*models.User, error) {`
			`key, err := utils.ExtractBearerAuth(r)`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`if err != nil {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`return nil, err`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`}`

Add user cache in authentication middleware. 2019-05-21 15:23:41 +03:00			`var user *models.User`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`userKey := strings.TrimSpace(key)`
fix: move caching out of authentication middleware 2021-01-22 01:19:17 +03:00			`user, err = m.userSrvc.GetUserByKey(userKey)`
			`if err != nil {`
			`return nil, err`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`}`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`return user, nil`
Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`}`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`func (m AuthenticateMiddleware) tryGetUserByCookie(r http.Request) (*models.User, error) {`
chore: remove legacy support for md5 hashed passwords chore: remove password from encoded cookie content as not used anyway 2021-01-31 16:34:54 +03:00			`username, err := utils.ExtractCookieAuth(r, m.config)`
Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`if err != nil {`
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`return nil, err`
Support for username-password authentication. 2019-05-21 23:40:59 +03:00			`}`

chore: remove legacy support for md5 hashed passwords chore: remove password from encoded cookie content as not used anyway 2021-01-31 16:34:54 +03:00			`user, err := m.userSrvc.GetUserById(*username)`
feat: add auto-migrations for old md5 password to maintain backwards compatibility 2020-05-25 23:24:29 +03:00			`if err != nil {`
			`return nil, err`
			`}`

chore: remove legacy support for md5 hashed passwords chore: remove password from encoded cookie content as not used anyway 2021-01-31 16:34:54 +03:00			`// no need to check password here, as securecookie decoding will fail anyway,`
			`// if cookie is not properly signed`
feat: add auto-migrations for old md5 password to maintain backwards compatibility 2020-05-25 23:24:29 +03:00
refactor: use cookie-based login feat: add login page 2020-05-24 14:41:19 +03:00			`return user, nil`
Heartbeat Insertions. Restructuring. 2019-05-06 01:40:41 +03:00			`}`