forked from concourse/concourse
-
Notifications
You must be signed in to change notification settings - Fork 0
/
handler.go
51 lines (43 loc) · 1.01 KB
/
handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package policychecker
import (
"fmt"
"net/http"
"code.cloudfoundry.org/lager"
"github.com/chenbh/concourse/v6/atc/api/accessor"
)
func NewHandler(
logger lager.Logger,
handler http.Handler,
action string,
policyChecker PolicyChecker,
) http.Handler {
return policyCheckingHandler{
logger: logger,
handler: handler,
action: action,
policyChecker: policyChecker,
}
}
type policyCheckingHandler struct {
logger lager.Logger
handler http.Handler
action string
policyChecker PolicyChecker
}
func (h policyCheckingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acc := accessor.GetAccessor(r)
if h.policyChecker != nil {
pass, err := h.policyChecker.Check(h.action, acc, r)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(w, fmt.Sprintf("policy check error: %s", err.Error()))
return
}
if !pass {
w.WriteHeader(http.StatusForbidden)
fmt.Fprintf(w, "policy check not pass")
return
}
}
h.handler.ServeHTTP(w, r)
}