forked from vmware-archive/atc
/
check_pipeline_access_handler.go
80 lines (66 loc) · 1.7 KB
/
check_pipeline_access_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package auth
import (
"context"
"net/http"
"github.com/concourse/atc/db"
)
type CheckPipelineAccessHandlerFactory interface {
HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}
type checkPipelineAccessHandlerFactory struct {
teamFactory db.TeamFactory
}
func NewCheckPipelineAccessHandlerFactory(
teamFactory db.TeamFactory,
) *checkPipelineAccessHandlerFactory {
return &checkPipelineAccessHandlerFactory{
teamFactory: teamFactory,
}
}
func (f *checkPipelineAccessHandlerFactory) HandlerFor(
delegateHandler http.Handler,
rejector Rejector,
) http.Handler {
return checkPipelineAccessHandler{
rejector: rejector,
teamFactory: f.teamFactory,
delegateHandler: delegateHandler,
}
}
type checkPipelineAccessHandler struct {
rejector Rejector
teamFactory db.TeamFactory
delegateHandler http.Handler
}
func (h checkPipelineAccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
pipelineName := r.FormValue(":pipeline_name")
requestTeamName := r.FormValue(":team_name")
team, found, err := h.teamFactory.FindTeam(requestTeamName)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if !found {
w.WriteHeader(http.StatusNotFound)
return
}
pipeline, found, err := team.Pipeline(pipelineName)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if !found {
w.WriteHeader(http.StatusNotFound)
return
}
if IsAuthorized(r) || pipeline.Public() {
ctx := context.WithValue(r.Context(), PipelineContextKey, pipeline)
h.delegateHandler.ServeHTTP(w, r.WithContext(ctx))
return
}
if IsAuthenticated(r) {
h.rejector.Forbidden(w, r)
return
}
h.rejector.Unauthorized(w, r)
}