From 2d79a4120f3102793bf2694a02c815b33ee308b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Tikvi=C4=87?= Date: Thu, 26 Oct 2017 09:35:22 +0200 Subject: [PATCH] Responses contain full URI --- auth_utility.go | 33 ++++++++++++++++++++++++++++++--- http_utility.go | 3 ++- json_utility.go | 3 ++- 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/auth_utility.go b/auth_utility.go index 91f39ac..3fc4939 100644 --- a/auth_utility.go +++ b/auth_utility.go @@ -135,7 +135,34 @@ func RefreshAuthToken(req *http.Request) (TokenClaims, error) { // http.Request and then compares it with the list of supplied roles and returns // true if there's a match, if "*" is provided or if the authRoles is nil. // Otherwise it returns false. -func RbacCheck(req *http.Request, authRoles []string) (*TokenClaims, error) { +func RbacCheck(req *http.Request, authRoles []string) bool { + if authRoles == nil { + return true + } + + // validate token and check expiration date + claims, err := GetTokenClaims(req) + if err != nil { + return false + } + // check if token has expired + if claims.ExpiresAt < (time.Now()).Unix() { + return false + } + + // check if role extracted from token matches + // any of the provided (allowed) ones + for _, r := range authRoles { + if claims.Role == r || r == "*" { + return true + } + } + + return false +} + +// TODO +func AuthCheck(req *http.Request, authRoles []string) (*TokenClaims, error) { if authRoles == nil { return &TokenClaims{}, nil } @@ -158,7 +185,7 @@ func RbacCheck(req *http.Request, authRoles []string) (*TokenClaims, error) { } } - return &TokenClaims{}, errors.New("role is not authorized") + return claims, errors.New("role is not authorized") } // GetTokenClaims extracts JWT claims from Authorization header of the request. @@ -168,7 +195,7 @@ func GetTokenClaims(req *http.Request) (*TokenClaims, error) { var tokstr string authHead := req.Header.Get("Authorization") if ok := strings.HasPrefix(authHead, "Bearer "); ok { - tokstr = strings.TrimPrefix(tokstr, "Bearer ") + tokstr = strings.TrimPrefix(authHead, "Bearer ") } else { return &TokenClaims{}, errors.New("authorization header in incomplete") } diff --git a/http_utility.go b/http_utility.go index ed8138a..e1f1328 100644 --- a/http_utility.go +++ b/http_utility.go @@ -26,7 +26,8 @@ type HttpErrorDesc struct { // ErrorResponse writes HTTP error to w. func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) { - err := httpError{desc, r.Method + " " + r.URL.Path} + //err := httpError{desc, r.Method + " " + r.URL.Path} + err := httpError{desc, r.Method + " " + r.RequestURI} w.WriteHeader(code) json.NewEncoder(w).Encode(err) } diff --git a/json_utility.go b/json_utility.go index da294a9..8b69e3d 100644 --- a/json_utility.go +++ b/json_utility.go @@ -86,7 +86,8 @@ func DecodeJSON(r io.Reader, v interface{}) error { func NewPayload(r *http.Request, table string) Payload { var pload Payload - pload.Method = r.Method + " " + r.URL.Path + //pload.Method = r.Method + " " + r.URL.Path + pload.Method = r.Method + " " + r.RequestURI if table != "" { pload.Params = make(map[string]string, 0) pload.Lang = translations(table) -- 1.8.1.2