canape/src/internal/auth/middleware.go

package auth

import (
	"fmt"
	"net/http"

	"github.com/gorilla/context"
)

type key int

const ukey key = 0 //user key

// Middleware get User from session and put it in context
type Middleware struct {
	authorizer *Authorizer
}

func NewMiddleware(authorizer *Authorizer) *Middleware {
	return &Middleware{authorizer}
}

func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	user, err := m.authorizer.CurrentUser(w, r)
	if err != nil {
		panic(err)
	}
	context.Set(r, ukey, user)
	next(w, r)
}

type MiddlewareRole struct {
	authorizer      *Authorizer
	role            string
	loginPageGetter func() string
}

func NewMiddlewareRole(authorizer *Authorizer, loginPageGetter func() string, role string) *MiddlewareRole {
	return &MiddlewareRole{authorizer, role, loginPageGetter}
}

func (m *MiddlewareRole) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	user := GetCurrentUser(r)

	if user == nil || !user.HasRole(m.role) {
		cookie, err := m.authorizer.Cookiejar.Get(r, "rlogin")
		if err != nil {
			panic(err)
		}
		cookie.Values["redirect"] = r.URL.Path
		err = cookie.Save(r, w)
		if err != nil {
			panic(err)
		}
		http.Redirect(w, r, m.loginPageGetter(), http.StatusTemporaryRedirect)
		return
	}

	next(w, r)
}

func GetPostLoginRedirect(a *Authorizer, w http.ResponseWriter, r *http.Request) (string, error) {
	cookie, err := a.Cookiejar.Get(r, "rlogin")
	if err != nil {
		return "", err
	}
	val := cookie.Values["redirect"]
	if val == nil {
		return "", nil
	}
	path, ok := val.(string)
	if !ok {
		return "", fmt.Errorf("invalid redirect type")
	}
	cookie.Values["rlogin"] = ""
	err = cookie.Save(r, w)
	if err != nil {
		return "", err
	}
	return path, nil

}

func GetCurrentUser(r *http.Request) User {
	u := context.Get(r, ukey)
	if u == nil {
		return nil
	}
	user, ok := u.(User)
	if !ok {
		panic("invalid user type")
	}
	return user
}