working commit
This commit is contained in:
@@ -3,6 +3,7 @@ package handler
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"regexp"
|
||||
|
||||
"mstore/app/descr"
|
||||
"mstore/app/router"
|
||||
@@ -21,9 +22,10 @@ func (hand *Handler) AuthMiddleware(next router.Handler) router.Handler {
|
||||
handlerFunc = func(rctx *router.Context) {
|
||||
hand.logg.Debugf("Call authorization middleware")
|
||||
success, accountID, err := hand.CheckAccess(rctx)
|
||||
if success && err == nil {
|
||||
if success {
|
||||
rctx.SetBool(authTag, true)
|
||||
rctx.SetString(userTag, accountID)
|
||||
hand.logg.Debugf("Authorization for accountID [%s]", rctx.Strings[userTag])
|
||||
}
|
||||
if err != nil {
|
||||
hand.logg.Errorf("Authorization middleware error: %v", err)
|
||||
@@ -50,10 +52,16 @@ func (hand *Handler) CheckAccess(rctx *router.Context) (bool, string, error) {
|
||||
if err != nil {
|
||||
return success, accountID, err
|
||||
}
|
||||
hand.logg.Debugf("Authorization username is %s:%s", username, password)
|
||||
}
|
||||
success = true // TODO: change to actual call
|
||||
|
||||
success, id, err := hand.ValidatePassword(rctx.Ctx, username, password)
|
||||
if err != nil {
|
||||
return false, accountID, err
|
||||
}
|
||||
if !success {
|
||||
err = fmt.Errorf("Incorrect username or password")
|
||||
return false, accountID, err
|
||||
}
|
||||
accountID = id
|
||||
return success, accountID, err
|
||||
}
|
||||
|
||||
@@ -73,5 +81,46 @@ func (hand *Handler) ValidatePassword(ctx context.Context, username, password st
|
||||
}
|
||||
valid = true
|
||||
accountID = accountDescr.ID
|
||||
|
||||
return valid, accountID, err
|
||||
}
|
||||
|
||||
func (hand *Handler) CheckRight(ctx context.Context, accountID, right, subject string) (bool, error) {
|
||||
var err error
|
||||
var res bool
|
||||
hand.logg.Debugf("Cop check your right %s: %s %s", accountID, right, subject)
|
||||
// =[]=
|
||||
// /------\
|
||||
// .---[-] [#] \--,
|
||||
// >| [ ] [ ] |
|
||||
// '--0-------0----'
|
||||
// Bad news for you, baby.... #
|
||||
|
||||
// TODO: defer logger
|
||||
|
||||
defer hand.logg.Debugf("Checking right %s for %s: %v", right, accountID, res)
|
||||
|
||||
exists, grant, err := hand.mdb.GetGrantByAccoundIDRight(ctx, accountID, right)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !exists {
|
||||
return res, err
|
||||
}
|
||||
|
||||
switch right {
|
||||
case descr.RightReadFiles, descr.RightWriteFiles:
|
||||
grant.Pattern = ".*"
|
||||
re, err := regexp.Compile(grant.Pattern)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !re.MatchString(subject) {
|
||||
return res, err
|
||||
}
|
||||
default:
|
||||
// NOP
|
||||
}
|
||||
res = true
|
||||
return res, err
|
||||
}
|
||||
@@ -1,7 +1,6 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"mstore/app/descr"
|
||||
@@ -9,21 +8,6 @@ import (
|
||||
"mstore/app/router"
|
||||
)
|
||||
|
||||
func (hand *Handler) CheckRight(ctx context.Context, accountID, right, subject string) (bool, error) {
|
||||
var err error
|
||||
var res bool
|
||||
hand.logg.Debugf("Cop check your right %s: %s %s", accountID, right, subject)
|
||||
// =[]=
|
||||
// /------\
|
||||
// .---[-] [#] \--,
|
||||
// >| [ ] [ ] |
|
||||
// '--0-------0----'
|
||||
// Bad news for you, baby.... #
|
||||
|
||||
res = true
|
||||
return res, err
|
||||
}
|
||||
|
||||
// POST /v3/account/create 200 200
|
||||
func (hand *Handler) CreateAccount(rctx *router.Context) {
|
||||
var err error
|
||||
|
||||
+12
-25
@@ -11,7 +11,6 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
|
||||
@@ -35,13 +34,11 @@ func (hand *Handler) BlobExists(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -77,13 +74,11 @@ func (hand *Handler) PostUpload(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -124,13 +119,11 @@ func (hand *Handler) PatchUpload(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -170,13 +163,11 @@ func (hand *Handler) PutUpload(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -202,13 +193,11 @@ func (hand *Handler) GetBlob(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -250,13 +239,11 @@ func (hand *Handler) DeleteBlob(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
|
||||
+11
-21
@@ -10,8 +10,8 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
|
||||
"mstore/app/descr"
|
||||
"mstore/app/operator"
|
||||
@@ -30,13 +30,11 @@ func (hand *Handler) FileInfo(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -77,13 +75,11 @@ func (hand *Handler) PutFile(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -107,13 +103,11 @@ func (hand *Handler) GetFile(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -157,13 +151,11 @@ func (hand *Handler) DeleteFile(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -189,13 +181,11 @@ func (hand *Handler) ListFiles(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
|
||||
+12
-25
@@ -10,7 +10,6 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"mstore/app/descr"
|
||||
@@ -30,13 +29,11 @@ func (hand *Handler) ManifestExists(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -74,13 +71,11 @@ func (hand *Handler) PutManifest(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -107,13 +102,11 @@ func (hand *Handler) GetManifest(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -147,13 +140,11 @@ func (hand *Handler) DeleteManifest(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -178,13 +169,11 @@ func (hand *Handler) GetReferer(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
@@ -206,13 +195,11 @@ func (hand *Handler) GetTags(rctx *router.Context) {
|
||||
operatorID, _ := rctx.GetString(userTag)
|
||||
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Operation error: %v", err)
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !opEnable {
|
||||
err := fmt.Errorf("Operation not enabled for this account")
|
||||
hand.SendError(rctx, err)
|
||||
rctx.SetStatus(http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
// Execution of the operation
|
||||
|
||||
Reference in New Issue
Block a user