-
Notifications
You must be signed in to change notification settings - Fork 9
/
auth_middleware.go
46 lines (37 loc) · 1.22 KB
/
auth_middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package management
import (
"net/http"
"time"
sig "github.com/madappgang/digestsig"
l "github.com/madappgang/identifo/v2/localization"
)
var KeyIDHeaderKey = http.CanonicalHeaderKey("X-Nl-Key-Id")
func (ar *Router) AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
locale := r.Header.Get("Accept-Language")
if len(r.Header[KeyIDHeaderKey]) != 1 || len(r.Header[KeyIDHeaderKey][0]) == 0 {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorNativeLoginMaNoKeyID)
return
}
keyID := r.Header[KeyIDHeaderKey][0]
key, err := ar.stor.GetKey(r.Context(), keyID)
if err != nil {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorNativeLoginMaErrorKeyWithID, keyID, err)
return
}
if !key.Active {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorNativeLoginMaKeyInactive)
return
}
if key.ValidTill != nil && time.Now().After(*key.ValidTill) {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorNativeLoginMaKeyExpired)
return
}
err = sig.VerifySignature(r, []byte(key.Secret))
if err != nil {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorNativeLoginMaErrorSignature, err)
return
}
next.ServeHTTP(w, r)
})
}