2020-10-15 01:24:36 +02:00
|
|
|
package security
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
2020-10-15 03:45:45 +02:00
|
|
|
"strings"
|
2020-10-15 01:24:36 +02:00
|
|
|
)
|
|
|
|
|
|
2021-05-25 03:46:00 +02:00
|
|
|
// Handler takes care of security for a given handler with the given security configuration
|
2020-10-15 01:24:36 +02:00
|
|
|
func Handler(handler http.HandlerFunc, security *Config) http.HandlerFunc {
|
2021-12-15 05:20:43 +01:00
|
|
|
if security == nil {
|
|
|
|
|
return handler
|
|
|
|
|
} else if security.Basic != nil {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
usernameEntered, passwordEntered, ok := r.BasicAuth()
|
|
|
|
|
if !ok || usernameEntered != security.Basic.Username || Sha512(passwordEntered) != strings.ToLower(security.Basic.PasswordSha512Hash) {
|
|
|
|
|
w.Header().Set("WWW-Authenticate", "Basic")
|
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
|
_, _ = w.Write([]byte("Unauthorized"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
handler(w, r)
|
|
|
|
|
}
|
|
|
|
|
} else if security.OIDC != nil {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// TODO: Check if the user is authenticated, and redirect to /login if they're not?
|
|
|
|
|
handler(w, r)
|
2020-10-15 01:24:36 +02:00
|
|
|
}
|
|
|
|
|
}
|
2021-12-15 05:20:43 +01:00
|
|
|
return handler
|
2020-10-15 01:24:36 +02:00
|
|
|
}
|
