api_auth_wrappa.go
package wrappa
import (
"github.com/concourse/atc"
"github.com/concourse/atc/auth"
"github.com/tedsuo/rata"
)
// APIAuthWrappa decorates the API's route handlers with authentication and
// authorization checks. The per-route policy lives in Wrap.
type APIAuthWrappa struct {
	// AuthValidator is the validator Wrap attaches to the atc.GetAuthToken
	// route, and to no other route.
	AuthValidator auth.Validator

	// TokenValidator is the validator Wrap attaches to every route other
	// than atc.GetAuthToken.
	TokenValidator auth.Validator

	// UserContextReader is passed to auth.WrapHandler for every route.
	UserContextReader auth.UserContextReader
}
// NewAPIAuthWrappa returns an APIAuthWrappa holding the given validators and
// user-context reader.
//
// authValidator becomes AuthValidator (used by Wrap for atc.GetAuthToken
// only); tokenValidator becomes TokenValidator (used for all other routes).
// The arguments are stored as given, without nil checks.
func NewAPIAuthWrappa(
	authValidator auth.Validator,
	tokenValidator auth.Validator,
	userContextReader auth.UserContextReader,
) *APIAuthWrappa {
	w := new(APIAuthWrappa)
	w.AuthValidator = authValidator
	w.TokenValidator = tokenValidator
	w.UserContextReader = userContextReader
	return w
}
// Wrap returns a new rata.Handlers in which every handler from handlers has
// been decorated according to a fixed per-route access policy. The input map
// is not modified.
//
// Each route name must appear in exactly one of three tiers:
//
//   - unauthenticated: the handler is left as is by this tier; the original
//     comment says access decisions are delegated to the handler itself.
//   - authenticated: the handler is wrapped with
//     auth.CheckAuthenticationHandler.
//   - authorized: the handler is wrapped with auth.CheckAuthorizationHandler.
//
// A route name that is in none of the tiers makes Wrap panic, so a newly
// added route cannot be served until someone has classified it here.
//
// After tier selection every handler, including the unauthenticated tier, is
// passed through auth.WrapHandler: atc.GetAuthToken with AuthValidator, all
// others with TokenValidator.
//
// NOTE(review): what the auth.Check*Handler and auth.WrapHandler wrappers
// enforce is defined in the auth package, not here; confirm there.
// NOTE(review): the "teamname -" markers on some routes are the original
// author's and their meaning is not established in this file.
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	reject := auth.UnauthorizedRejector{}
	result := rata.Handlers{}

	for route, original := range handlers {
		guarded := original

		switch route {
		// unauthenticated / delegating to handler
		//
		// NOTE(review): this wrapper adds no check for these routes, so any
		// restriction on them has to come from the handler; verify per handler.
		case atc.DownloadCLI,
			atc.ListAuthMethods, //teamname -
			atc.GetInfo,
			atc.BuildEvents,
			atc.GetBuild, //teamname -
			atc.BuildResources,
			atc.GetBuildPlan,
			atc.GetBuildPreparation,
			atc.ListAllPipelines, //teamname -
			atc.ListBuilds,       //teamname -
			atc.GetJobBuild,
			atc.JobBadge,
			atc.ListJobs,
			atc.GetJob,
			atc.ListJobBuilds,
			atc.GetResource,
			atc.ListBuildsWithVersionAsInput,
			atc.ListBuildsWithVersionAsOutput,
			atc.ListResources,
			atc.ListResourceVersions,
			atc.ListPipelines,
			atc.GetPipeline,
			atc.ListTeams:
			// Intentionally empty: Go cases do not fall through, so the
			// handler stays undecorated at this stage.

		// authenticated
		case atc.GetAuthToken,
			atc.AbortBuild,      //teamname -
			atc.CreateBuild,     //teamname -
			atc.CreatePipe,
			atc.GetContainer,    //teamname -
			atc.HijackContainer, //teamname -
			atc.ListContainers,  //teamname -
			atc.ListWorkers,     //teamname -
			atc.ReadPipe,
			atc.RegisterWorker,
			atc.SetLogLevel,
			atc.SetTeam,
			atc.WritePipe,
			atc.ListVolumes, //teamname - what does that mean?
			atc.GetLogLevel:
			guarded = auth.CheckAuthenticationHandler(original, reject)

		// authorized
		case atc.CheckResource,
			atc.CreateJobBuild,
			atc.DeletePipeline,
			atc.DisableResourceVersion,
			atc.EnableResourceVersion,
			atc.GetConfig,
			atc.GetVersionsDB,
			atc.ListJobInputs,
			atc.OrderPipelines,
			atc.PauseJob,
			atc.PausePipeline,
			atc.PauseResource,
			atc.RenamePipeline,
			atc.UnpauseJob,
			atc.UnpausePipeline,
			atc.UnpauseResource,
			atc.RevealPipeline,
			atc.ConcealPipeline,
			atc.SaveConfig:
			guarded = auth.CheckAuthorizationHandler(original, reject)

		// think about it!
		default:
			// Fail closed: an unclassified route aborts wrapping instead of
			// being exposed with an unintended access level.
			panic("you missed a spot")
		}

		// Only the token-issuing route is validated with AuthValidator; every
		// other route is validated with TokenValidator.
		validator := wrappa.TokenValidator
		if route == atc.GetAuthToken {
			validator = wrappa.AuthValidator
		}

		result[route] = auth.WrapHandler(guarded, validator, wrappa.UserContextReader)
	}

	return result
}