package api import ( "fmt" "github.com/gin-gonic/gin" "log" "net/http" "os" "resource-manager/security" "strings" "time" ) func Auth() gin.HandlerFunc { basicAuth, hasBasicAuth := os.LookupEnv("BASIC_AUTH_CREDENTIALS") var apiAuths []string if list, hasApiAuth := os.LookupEnv("API_CREDENTIALS"); hasApiAuth { apiAuths = strings.Split(list, ",") } return func(c *gin.Context) { if rawToken := c.Query("token"); rawToken != "" { token, err := security.ParseToken(rawToken) if err != nil { abort(c, nil, http.StatusUnauthorized, "invalid token") return } c.Set("secure", "token") c.Set("path", token.Path) return } authHeader := c.GetHeader("Authorization") if strings.HasPrefix(authHeader, "Basic ") && hasBasicAuth { if strings.TrimPrefix(authHeader, "Basic ") == basicAuth { c.Set("secure", "basic") return } } if strings.HasPrefix(authHeader, "Api ") && hasBasicAuth { key := strings.TrimPrefix(authHeader, "Api ") if hasValidApiKey(apiAuths, key) { c.Set("secure", "api") return } } abort(c, nil, http.StatusUnauthorized, "missing auth") } } func Secure(types ...string) gin.HandlerFunc { return func(c *gin.Context) { value, exists := c.Get("secure") if !exists { abort(c, nil, http.StatusUnauthorized, "missing auth") } else { securityType := value.(string) for _, t := range types { if t == securityType { return } } abort(c, nil, http.StatusUnauthorized, fmt.Sprintf("bad security: received %s type", securityType)) } } } func hasValidApiKey(auths []string, key string) bool { for _, a := range auths { if a == key { return true } } return false } func abort(c *gin.Context, err error, statusCode int, message string) { log.Printf("Aborted with error: %v", err) c.AbortWithStatusJSON(statusCode, gin.H{"status": statusCode, "created": time.Now(), "message": message}) }