forked from openshift/origin
/
authentication.go
34 lines (28 loc) · 1.07 KB
/
authentication.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package handlers
import (
"net/http"
"github.com/golang/glog"
"k8s.io/apiserver/pkg/authentication/authenticator"
apirequest "k8s.io/apiserver/pkg/endpoints/request"
)
// AuthenticationHandlerFilter creates a filter object that will enforce authentication directly
func AuthenticationHandlerFilter(handler http.Handler, authenticator authenticator.Request, contextMapper apirequest.RequestContextMapper) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
user, ok, err := authenticator.AuthenticateRequest(req)
if err != nil || !ok {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
ctx, ok := contextMapper.Get(req)
if !ok {
http.Error(w, "Unable to find request context", http.StatusInternalServerError)
return
}
if err := contextMapper.Update(req, apirequest.WithUser(ctx, user)); err != nil {
glog.V(4).Infof("Error setting authenticated context: %v", err)
http.Error(w, "Unable to set authenticated request context", http.StatusInternalServerError)
return
}
handler.ServeHTTP(w, req)
})
}