tweak middleware headers; v0.2.1

Iris Lightshard 2023-01-26 20:54:48 -07:00
parent 10ecb3058f
commit ab1d495514
Signed by: Iris Lightshard
GPG key ID: 3B7FBC22144E6398


@ -14,7 +14,7 @@ import (
type TokenPayload struct { type TokenPayload struct {
AccessToken string `json:"access_token"` AccessToken string `json:"access_token"`
TokenType string `json:"token_type"` TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"` ExpiresIn int `json:"expires_in"`
} }
func Protected(next http.Handler, method string, userStore auth.UserStore, login string) http.Handler { func Protected(next http.Handler, method string, userStore auth.UserStore, login string) http.Handler {
@ -29,8 +29,8 @@ func Protected(next http.Handler, method string, userStore auth.UserStore, login
req.Method = method req.Method = method
next.ServeHTTP(w, req) next.ServeHTTP(w, req)
return return
} else if err != nil && err.Error() == "Cookie or token expired"{ } else if err != nil && err.Error() == "Cookie or token expired" {
auth.Logout(user, userStore, w) auth.Logout(user, userStore, w)
} }
} }
} }
@ -100,7 +100,6 @@ func Provision(userStore auth.UserStore, ttl int) http.Handler {
return return
} }
} }
w.Header().Add("WWW-Authenticate", "Basic")
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
return return
} }
@ -110,6 +109,7 @@ func Provision(userStore auth.UserStore, ttl int) http.Handler {
func Validate(next http.Handler, userStore auth.UserStore, scopes map[string]string) http.Handler { func Validate(next http.Handler, userStore auth.UserStore, scopes map[string]string) http.Handler {
handlerFunc := func(w http.ResponseWriter, req *http.Request) { handlerFunc := func(w http.ResponseWriter, req *http.Request) {
errString := ""
authHeader := req.Header.Get("Authorization") authHeader := req.Header.Get("Authorization")
if strings.HasPrefix(authHeader, "Bearer ") { if strings.HasPrefix(authHeader, "Bearer ") {
authToken := strings.Split(authHeader, "Bearer ")[1] authToken := strings.Split(authHeader, "Bearer ")[1]
@ -117,9 +117,13 @@ func Validate(next http.Handler, userStore auth.UserStore, scopes map[string]str
if validated && err == nil { if validated && err == nil {
next.ServeHTTP(w, req) next.ServeHTTP(w, req)
return return
} else {
errString = err.Error()
} }
} else {
errString = "No authentication data"
} }
w.Header().Add("WWW-Authenticate", "Basic") w.Header().Add("Quartzgun-Error", errString)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
} }
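Review bot: The added `else` branch in Validate calls `err.Error()` whenever `validated && err == nil` is false, so if the validation call (its line is not visible here) can return `false` with a nil error, the handler panics on a nil error instead of answering 401. Guard it, e.g. `} else if err != nil { errString = err.Error() } else { errString = "Token not valid" }`. Separately, `Quartzgun-Error` now carries the raw validation error to unauthenticated callers; if those messages distinguish unknown, expired and malformed tokens, a fixed generic header value with the detail logged server-side would disclose less about token state. The 401 is also left without any `WWW-Authenticate` challenge, which RFC 9110 requires on a 401 response; a `Bearer` challenge would match what this handler accepts. Validate's body continues past the end of the hunk.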