handler.go
package policychecker
import (
"fmt"
"net/http"
"code.cloudfoundry.org/lager"
"github.com/pf-qiu/concourse/v6/atc/api/accessor"
"github.com/pf-qiu/concourse/v6/atc/policy"
)
// NewHandler wraps handler in a policy gate. Each request is checked against
// policyChecker under the given action name before it can reach handler (see
// policyCheckingHandler.ServeHTTP).
//
// No argument is validated here: a nil policyChecker or handler is stored
// as-is and will panic when the first request is served.
func NewHandler(
	logger lager.Logger,
	handler http.Handler,
	action string,
	policyChecker PolicyChecker,
) http.Handler {
	var gate policyCheckingHandler
	gate.logger = logger
	gate.handler = handler
	gate.action = action
	gate.policyChecker = policyChecker
	return gate
}
// policyCheckingHandler is an http.Handler that places a policy check in
// front of another handler. Its ServeHTTP method forwards a request only
// when the check reports it as allowed.
type policyCheckingHandler struct {
	// logger is stored by NewHandler; ServeHTTP in this file does not use it.
	logger lager.Logger
	// handler is the wrapped handler, invoked only after the check allows.
	handler http.Handler
	// action is the action name passed to policyChecker.Check on every request.
	action string
	// policyChecker makes the allow/deny decision for each request.
	policyChecker PolicyChecker
}
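// ServeHTTP runs the policy check for h.action and forwards the request to
// the wrapped handler only when the check allows it.
//
// The gate fails closed: a checker error is answered with 400 and a denied
// result with 403, and in both cases the wrapped handler is never invoked.
//
// NOTE(review): neither the error nor the denial is logged here (h.logger is
// unused in this method); confirm that Check records the decision itself if
// denied requests need to be auditable.
func (h policyCheckingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	acc := accessor.GetAccessor(r)

	result, err := h.policyChecker.Check(h.action, acc, r)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		// The error text is passed as an argument, never as the format
		// string: any '%' in it would otherwise be parsed as a verb and
		// corrupt the response body (e.g. "%!s(MISSING)").
		// NOTE(review): the checker's error text is returned to the client
		// verbatim; confirm it cannot expose internal details.
		fmt.Fprintf(w, "policy check error: %s", err.Error())
		return
	}

	if !result.Allowed {
		w.WriteHeader(http.StatusForbidden)
		policyCheckErr := policy.PolicyCheckNotPass{
			Reasons: result.Reasons,
		}
		// Fprint, not Fprintf: the message is built from result.Reasons and
		// must be written literally rather than interpreted as a format.
		fmt.Fprint(w, policyCheckErr.Error())
		return
	}

	h.handler.ServeHTTP(w, r)
}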