mirror/phylum
1
0
Fork 0
mirror of https://codeberg.org/shroff/phylum.git synced 2026-01-03 01:59:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
5cda3e76a025a4cdca459e70cf08218e41b60d81
phylum/server/internal/api/authenticator/authenticator.go
Abhishek Shroff 038adab527 [server] UserID+email instead of username
2025-05-14 11:04:36 +05:30

97 lines
2.4 KiB
Go
Raw Blame History

package authenticator
import (
"encoding/base64"
"net/http"
"strings"
"github.com/gin-gonic/gin"
"github.com/shroff/phylum/server/internal/core/errors"
"github.com/shroff/phylum/server/internal/core/fs"
"github.com/shroff/phylum/server/internal/core/user"
)
var errAuthRequired = errors.NewError(http.StatusUnauthorized, "auth_required", "authorization required")
const keyUser = "user"
const keyFileSystem = "filesystem"
func GetUser(c *gin.Context) user.User {
val, ok := c.Get(keyUser)
if !ok {
return user.User{}
}
return val.(user.User)
}
func GetFileSystem(c *gin.Context) fs.FileSystem {
val, ok := c.Get(keyFileSystem)
if !ok {
return nil
}
return val.(fs.FileSystem)
}
func Require(c *gin.Context) {
ctx := c.Request.Context()
if u, err := extractUserDetails(c); err != nil {
panic(err)
} else {
c.Set(keyUser, u)
c.Set(keyFileSystem, u.OpenFileSystem(ctx))
}
}
func extractUserDetails(c *gin.Context) (user.User, error) {
userManager := user.ManagerFromContext(c.Request.Context())
if header := c.Request.Header.Get("Authorization"); header == "" {
if cookie, err := c.Request.Cookie("auth_token"); err == nil {
token := cookie.Value
if u, err := userManager.ReadAccessToken(token); err == nil {
return u, nil
} else {
return user.User{}, err
}
} else if err != http.ErrNoCookie {
return user.User{}, err
}
return user.User{}, errAuthRequired
} else if auth, ok := checkAuthHeader(header, "basic"); ok {
if email, password, ok := decodeBasicAuth(auth); ok {
if u, err := userManager.VerifyUserPassword(email, password); err == nil {
return u, nil
} else {
return user.User{}, err
}
}
} else if token, ok := checkAuthHeader(header, "bearer"); ok {
if u, err := userManager.ReadAccessToken(token); err == nil {
return u, nil
} else {
return user.User{}, err
}
}
return user.User{}, errAuthRequired
}
func checkAuthHeader(header, prefix string) (string, bool) {
prefix = prefix + " "
if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
return "", false
}
return header[len(prefix):], true
}
func decodeBasicAuth(auth string) (email, password string, ok bool) {
c, err := base64.StdEncoding.DecodeString(auth)
if err != nil {
return "", "", false
}
cs := string(c)
email, password, ok = strings.Cut(cs, ":")
if !ok {
return "", "", false
}
return email, password, true
}
Reference in New Issue View Git Blame Copy Permalink