-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttp_session.go
68 lines (55 loc) · 2.36 KB
/
http_session.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package main
// sackci
// Copyright (C) 2017 Maximilian Pachl
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// ----------------------------------------------------------------------------------
// imports
// ----------------------------------------------------------------------------------
import (
"net/http"
"strings"
"github.com/faryon93/sackci/ctx"
"github.com/faryon93/sackci/assets"
)
// ----------------------------------------------------------------------------------
// public functions
// ----------------------------------------------------------------------------------
// Sessions Middleware.
// Checks if a proper session token is supplied by the caller.
func CheckSession(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
url := r.URL.Path
token, err := ctx.Sessions.ValidateRequest(r)
if err == nil {
ctx.Sessions.Refresh(token)
}
// the whole rest api is secured by a session token
// except the login endpoint
// the trigger endpoint handls authentication himself
if strings.HasPrefix(url, HTTP_API_BASE) {
secured := url != HTTP_API_BASE + "/login" &&
!strings.HasSuffix(url, "/trigger")
if secured && err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
// all non api pages should be redirected to the login page
// except for all static assets
} else if !strings.HasPrefix(url, "/login") && !assets.FileExists(url) {
if err != nil {
http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
return
}
}
h.ServeHTTP(w, r)
})
}