Improve subject in context
This commit is contained in:
parent
a0ad25ec4c
commit
e7f96ea58e
3 changed files with 20 additions and 10 deletions
|
|
@ -34,8 +34,8 @@ type jwtAuth interface {
|
|||
// InstallVerifyMiddleware installs the JWT verifier middleware to the provided chi Router.
|
||||
VerifyMiddleware() func(http.Handler) http.Handler
|
||||
|
||||
// InstallAuthMiddleware installs the JWT authenticator middleware to the provided chi Router.
|
||||
AuthMiddleware() func(http.Handler) http.Handler
|
||||
// SubjectMiddleware sets the request context subject from JWT or public.
|
||||
SubjectMiddleware(requireAuth bool) func(http.Handler) http.Handler
|
||||
|
||||
// PublicRoutes installs the auth route to the provided chi Router.
|
||||
PublicRoutes(chi.Router)
|
||||
|
|
@ -84,12 +84,20 @@ func TokenFromCookie(r *http.Request) string {
|
|||
return cookie.Value
|
||||
}
|
||||
|
||||
func (a *Auth) AuthMiddleware() func(http.Handler) http.Handler {
|
||||
func (a *Auth) PublicSubjectMiddleware() func(http.Handler) http.Handler {
|
||||
return a.SubjectMiddleware(false)
|
||||
}
|
||||
|
||||
func (a *Auth) AuthorizedSubjectMiddleware() func(http.Handler) http.Handler {
|
||||
return a.SubjectMiddleware(true)
|
||||
}
|
||||
|
||||
func (a *Auth) SubjectMiddleware(requireToken bool) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
hfn := func(w http.ResponseWriter, r *http.Request) {
|
||||
token, _, err := jwtauth.FromContext(r.Context())
|
||||
|
||||
if err != nil {
|
||||
if err != nil && requireToken {
|
||||
http.Error(w, err.Error(), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,11 +31,11 @@ const (
|
|||
|
||||
func SubjectFrom(ctx context.Context) Subject {
|
||||
sub, ok := ctx.Value(SubjectCtxKey).(Subject)
|
||||
if ok {
|
||||
return sub
|
||||
if !ok {
|
||||
panic("no subject in context")
|
||||
}
|
||||
|
||||
return new(PublicSubject)
|
||||
return sub
|
||||
}
|
||||
|
||||
type Subject interface {
|
||||
|
|
|
|||
|
|
@ -29,10 +29,11 @@ func (s *Server) setupRoutes() {
|
|||
r.Use(s.WithCtxStores())
|
||||
|
||||
s.installPprof()
|
||||
r.Use(s.auth.VerifyMiddleware())
|
||||
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(s.auth.SubjectMiddleware(true))
|
||||
// authenticated routes
|
||||
r.Use(s.auth.VerifyMiddleware(), s.auth.AuthMiddleware())
|
||||
s.nex.PrivateRoutes(r)
|
||||
s.auth.PrivateRoutes(r)
|
||||
s.alerter.PrivateRoutes(r)
|
||||
|
|
@ -41,6 +42,7 @@ func (s *Server) setupRoutes() {
|
|||
|
||||
r.Group(func(r chi.Router) {
|
||||
s.rateLimit(r)
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
r.Use(render.SetContentType(render.ContentTypeJSON))
|
||||
// public routes
|
||||
s.sources.PublicRoutes(r)
|
||||
|
|
@ -49,6 +51,7 @@ func (s *Server) setupRoutes() {
|
|||
r.Group(func(r chi.Router) {
|
||||
// auth/share routes get rate-limited heavily, but not using middleware
|
||||
s.rateLimit(r)
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
r.Use(render.SetContentType(render.ContentTypeJSON))
|
||||
s.auth.PublicRoutes(r)
|
||||
r.Mount("/share", s.rest.ShareRouter())
|
||||
|
|
@ -56,9 +59,8 @@ func (s *Server) setupRoutes() {
|
|||
|
||||
r.Group(func(r chi.Router) {
|
||||
s.rateLimit(r)
|
||||
r.Use(s.auth.VerifyMiddleware())
|
||||
|
||||
// optional auth routes
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
|
||||
s.clientRoute(r, clientRoot)
|
||||
})
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue