diff --git a/ocs/pkg/middleware/requireuser.go b/ocs/pkg/middleware/requireuser.go new file mode 100644 index 0000000000..8d3885aac6 --- /dev/null +++ b/ocs/pkg/middleware/requireuser.go @@ -0,0 +1,32 @@ +package middleware + +import ( + "net/http" + + "github.com/cs3org/reva/pkg/user" + "github.com/go-chi/render" + "github.com/owncloud/ocis/ocs/pkg/service/v0/data" + "github.com/owncloud/ocis/ocs/pkg/service/v0/response" +) + +// RequireUser middleware is used to require a user in context +func RequireUser() func(next http.Handler) http.Handler { + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + u, ok := user.ContextGetUser(r.Context()) + if !ok { + render.Render(w, r, response.ErrRender(data.MetaUnauthorized.StatusCode, "Unauthorized")) + return + } + if u.Id == nil || u.Id.OpaqueId == "" { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "user is missing an id")) + return + } + + next.ServeHTTP(w, r) + + }) + } +} diff --git a/ocs/pkg/service/v0/service.go b/ocs/pkg/service/v0/service.go index 030f60f7ea..d1817b41dd 100644 --- a/ocs/pkg/service/v0/service.go +++ b/ocs/pkg/service/v0/service.go @@ -61,6 +61,8 @@ func NewService(opts ...Option) Service { logger: options.Logger, } + requireUser := ocsm.RequireUser() + requireAdmin := ocsm.RequireAdmin( ocsm.RoleManager(roleManager), ) @@ -94,7 +96,7 @@ func NewService(opts ...Option) Service { r.With(requireAdmin).Get("/", svc.ListUsers) r.With(requireAdmin).Post("/", svc.AddUser) r.Route("/{userid}", func(r chi.Router) { - r.With(requireSelfOrAdmin).Get("/", svc.GetUser) + r.With(requireUser).Get("/", svc.GetUser) r.With(requireSelfOrAdmin).Put("/", svc.EditUser) r.With(requireAdmin).Delete("/", svc.DeleteUser) r.With(requireAdmin).Put("/enable", svc.EnableUser) @@ -124,7 +126,7 @@ func NewService(opts ...Option) Service { }) }) r.Route("/config", func(r chi.Router) { - r.Get("/", svc.GetConfig) + r.With(requireUser).Get("/", svc.GetConfig) }) }) })