Commit 2d79a4120f3102793bf2694a02c815b33ee308b5
1 parent
bc3671b260
Responses contain full URI
Showing
3 changed files
with
34 additions
and
5 deletions
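--- a/auth_utility.go
+++ b/auth_utility.go
@@ -135,7 +135,34 @@ func RefreshAuthToken(req *http.Request) (TokenClaims, error) {
 // http.Request and then compares it with the list of supplied roles and returns
 // true if there's a match, if "*" is provided or if the authRoles is nil.
 // Otherwise it returns false.
-func RbacCheck(req *http.Request, authRoles []string) (*TokenClaims, error) {
+func RbacCheck(req *http.Request, authRoles []string) bool {
+	if authRoles == nil {
+		return true
+	}
+
+	// validate token and check expiration date
+	claims, err := GetTokenClaims(req)
+	if err != nil {
+		return false
+	}
+	// check if token has expired
+	if claims.ExpiresAt < (time.Now()).Unix() {
+		return false
+	}
+
+	// check if role extracted from token matches
+	// any of the provided (allowed) ones
+	for _, r := range authRoles {
+		if claims.Role == r || r == "*" {
+			return true
+		}
+	}
+
+	return false
+}
+
+// TODO
+func AuthCheck(req *http.Request, authRoles []string) (*TokenClaims, error) {
 	if authRoles == nil {
 		return &TokenClaims{}, nil
 	}
@@ -158,7 +185,7 @@ func RbacCheck(req *http.Request, authRoles []string) (*TokenClaims, error) {
 		}
 	}
 
-	return &TokenClaims{}, errors.New("role is not authorized")
+	return claims, errors.New("role is not authorized")
 }
 
 // GetTokenClaims extracts JWT claims from Authorization header of the request.
@@ -168,7 +195,7 @@ func GetTokenClaims(req *http.Request) (*TokenClaims, error) {
 	var tokstr string
 	authHead := req.Header.Get("Authorization")
 	if ok := strings.HasPrefix(authHead, "Bearer "); ok {
-		tokstr = strings.TrimPrefix(tokstr, "Bearer ")
+		tokstr = strings.TrimPrefix(authHead, "Bearer ")
 	} else {
 		return &TokenClaims{}, errors.New("authorization header in incomplete")
 	}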
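Review bot: The `if authRoles == nil { return true }` guard at the top of the new RbacCheck is fail-open: a route wired with a nil role list (the zero value of an unset config field, for instance) skips token parsing and the expiry check entirely, while an empty non-nil slice falls through the loop and is denied, so two cases that look identical to a caller behave in opposite ways. Since `"*"` already exists as the explicit allow-all marker, consider dropping the nil special case so that a missing role list denies, and have public routes pass `[]string{"*"}`; if nil must keep meaning "no auth", the doc comment should say that in those words. Callers are not visible here, so whether any depend on nil is an assumption to confirm before changing it. Separately, GetTokenClaims is what actually validates the token and only its header-parsing lines appear in this diff, so whether the signature is verified before `claims.ExpiresAt` and `claims.Role` are trusted cannot be confirmed from this hunk.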
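--- a/http_utility.go
+++ b/http_utility.go
@@ -26,7 +26,8 @@ type HttpErrorDesc struct {
 
 // ErrorResponse writes HTTP error to w.
 func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) {
-	err := httpError{desc, r.Method + " " + r.URL.Path}
+	//err := httpError{desc, r.Method + " " + r.URL.Path}
+	err := httpError{desc, r.Method + " " + r.RequestURI}
 	w.WriteHeader(code)
 	json.NewEncoder(w).Encode(err)
 }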
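Review bot: Switching the echoed request line from `r.URL.Path` to `r.RequestURI` puts the raw query string into every error body, so any secret a client passes as a query parameter (tokens, API keys, reset codes) is reflected back to the client and into whatever captures responses; `r.RequestURI` can also be an absolute URI when the request came through a proxy, rather than the path the handler actually matched. If the full URI is wanted for correlation, consider keeping `r.URL.Path` in the body and recording the query string only in server-side logs, or at minimum document the exposure with `// RequestURI includes the raw query string; callers must never put secrets in query parameters`. Go's JSON encoder escapes HTML metacharacters by default, but the visible lines set no Content-Type before `w.WriteHeader(code)`, so a browser could still sniff the reflected body as HTML — worth confirming elsewhere in the file. The commented-out `//err := httpError{desc, r.Method + " " + r.URL.Path}` line is dead code and should be deleted rather than kept; version control already preserves it.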
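--- a/json_utility.go
+++ b/json_utility.go
@@ -86,7 +86,8 @@ func DecodeJSON(r io.Reader, v interface{}) error {
 func NewPayload(r *http.Request, table string) Payload {
 	var pload Payload
 
-	pload.Method = r.Method + " " + r.URL.Path
+	//pload.Method = r.Method + " " + r.URL.Path
+	pload.Method = r.Method + " " + r.RequestURI
 	if table != "" {
 		pload.Params = make(map[string]string, 0)
 		pload.Lang = translations(table)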
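Review bot: `pload.Method = r.Method + " " + r.RequestURI` is now the same expression that ErrorResponse in http_utility.go builds by hand, and two copies of a response-format string tend to drift the next time one of them is touched; a single helper such as `func requestLine(r *http.Request) string { return r.Method + " " + r.RequestURI }` called from both places keeps the format, and any later redaction of the query string, in one spot. As on the error path, RequestURI carries the raw query string into the payload, so any sensitive query parameter is echoed to the client — presumably intended for this success payload, but worth a one-line note on the Method field saying so. The commented-out `//pload.Method = r.Method + " " + r.URL.Path` line is dead code and should be removed. NewPayload's body continues past the end of this hunk.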