2019-05-06 01:40:41 +03:00
|
|
|
package middlewares
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2019-05-21 23:40:59 +03:00
|
|
|
"crypto/md5"
|
2019-05-06 01:40:41 +03:00
|
|
|
"encoding/base64"
|
2019-05-21 23:40:59 +03:00
|
|
|
"encoding/hex"
|
|
|
|
|
"errors"
|
2019-05-06 01:40:41 +03:00
|
|
|
"net/http"
|
2019-05-21 23:40:59 +03:00
|
|
|
"regexp"
|
2019-05-06 01:40:41 +03:00
|
|
|
"strings"
|
2019-05-21 15:23:41 +03:00
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/patrickmn/go-cache"
|
2019-05-06 01:40:41 +03:00
|
|
|
|
2020-03-31 13:22:17 +03:00
|
|
|
"github.com/muety/wakapi/models"
|
|
|
|
|
"github.com/muety/wakapi/services"
|
2019-05-06 01:40:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type AuthenticateMiddleware struct {
|
2020-04-08 22:29:11 +03:00
|
|
|
UserSrvc *services.UserService
|
|
|
|
|
Cache *cache.Cache
|
|
|
|
|
WhitelistPaths []string
|
|
|
|
|
Initialized bool
|
2019-05-21 15:23:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *AuthenticateMiddleware) Init() {
|
|
|
|
|
if m.Cache == nil {
|
|
|
|
|
m.Cache = cache.New(1*time.Hour, 2*time.Hour)
|
|
|
|
|
}
|
|
|
|
|
m.Initialized = true
|
2019-05-06 01:40:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *AuthenticateMiddleware) Handle(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
2019-05-21 15:23:41 +03:00
|
|
|
if !m.Initialized {
|
|
|
|
|
m.Init()
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 22:29:11 +03:00
|
|
|
for _, p := range m.WhitelistPaths {
|
|
|
|
|
if strings.HasPrefix(r.URL.Path, p) || r.URL.Path == p {
|
|
|
|
|
next(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-21 23:40:59 +03:00
|
|
|
var user *models.User
|
|
|
|
|
var userKey string
|
2019-11-08 01:11:19 +03:00
|
|
|
user, userKey, err := m.tryGetUserByPassword(r)
|
2019-05-21 23:40:59 +03:00
|
|
|
|
|
|
|
|
if err != nil {
|
2019-11-08 01:11:19 +03:00
|
|
|
user, userKey, err = m.tryGetUserByApiKey(r)
|
2019-05-21 23:40:59 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
2019-05-19 20:49:27 +03:00
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
2019-05-06 01:40:41 +03:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-21 23:40:59 +03:00
|
|
|
m.Cache.Set(userKey, user, cache.DefaultExpiration)
|
|
|
|
|
|
|
|
|
|
ctx := context.WithValue(r.Context(), models.UserKey, user)
|
|
|
|
|
next(w, r.WithContext(ctx))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, string, error) {
|
|
|
|
|
authHeader := strings.Split(r.Header.Get("Authorization"), " ")
|
|
|
|
|
if len(authHeader) != 2 || authHeader[0] != "Basic" {
|
2019-11-08 01:11:19 +03:00
|
|
|
return nil, "", errors.New("failed to extract API key")
|
2019-05-21 23:40:59 +03:00
|
|
|
}
|
|
|
|
|
|
2019-05-06 01:40:41 +03:00
|
|
|
key, err := base64.StdEncoding.DecodeString(authHeader[1])
|
|
|
|
|
if err != nil {
|
2019-05-21 23:40:59 +03:00
|
|
|
return nil, "", err
|
2019-05-06 01:40:41 +03:00
|
|
|
}
|
|
|
|
|
|
2019-05-21 15:23:41 +03:00
|
|
|
var user *models.User
|
|
|
|
|
userKey := strings.TrimSpace(string(key))
|
|
|
|
|
cachedUser, ok := m.Cache.Get(userKey)
|
|
|
|
|
if !ok {
|
|
|
|
|
user, err = m.UserSrvc.GetUserByKey(userKey)
|
|
|
|
|
if err != nil {
|
2019-05-21 23:40:59 +03:00
|
|
|
return nil, "", err
|
2019-05-21 15:23:41 +03:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
user = cachedUser.(*models.User)
|
2019-05-06 01:40:41 +03:00
|
|
|
}
|
2019-05-21 23:40:59 +03:00
|
|
|
return user, userKey, nil
|
|
|
|
|
}
|
2019-05-06 01:40:41 +03:00
|
|
|
|
2019-05-21 23:40:59 +03:00
|
|
|
func (m *AuthenticateMiddleware) tryGetUserByPassword(r *http.Request) (*models.User, string, error) {
|
|
|
|
|
authHeader := strings.Split(r.Header.Get("Authorization"), " ")
|
|
|
|
|
if len(authHeader) != 2 || authHeader[0] != "Basic" {
|
2019-11-08 01:11:19 +03:00
|
|
|
return nil, "", errors.New("failed to extract API key")
|
2019-05-21 23:40:59 +03:00
|
|
|
}
|
2019-05-21 15:23:41 +03:00
|
|
|
|
2019-05-21 23:40:59 +03:00
|
|
|
hash, err := base64.StdEncoding.DecodeString(authHeader[1])
|
|
|
|
|
userKey := strings.TrimSpace(string(hash))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var user *models.User
|
|
|
|
|
cachedUser, ok := m.Cache.Get(userKey)
|
|
|
|
|
if !ok {
|
|
|
|
|
re := regexp.MustCompile(`^(.+):(.+)$`)
|
|
|
|
|
groups := re.FindAllStringSubmatch(userKey, -1)
|
|
|
|
|
if len(groups) == 0 || len(groups[0]) != 3 {
|
2019-11-08 01:11:19 +03:00
|
|
|
return nil, "", errors.New("failed to parse user agent string")
|
2019-05-21 23:40:59 +03:00
|
|
|
}
|
|
|
|
|
userId, password := groups[0][1], groups[0][2]
|
|
|
|
|
user, err = m.UserSrvc.GetUserById(userId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, "", err
|
|
|
|
|
}
|
|
|
|
|
passwordHash := md5.Sum([]byte(password))
|
|
|
|
|
passwordHashString := hex.EncodeToString(passwordHash[:])
|
|
|
|
|
if passwordHashString != user.Password {
|
2019-11-08 01:11:19 +03:00
|
|
|
return nil, "", errors.New("invalid password")
|
2019-05-21 23:40:59 +03:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
user = cachedUser.(*models.User)
|
|
|
|
|
}
|
|
|
|
|
return user, userKey, nil
|
2019-05-06 01:40:41 +03:00
|
|
|
}
|
