Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

64 lines (55 sloc) 2.083 kb
-module(rabbithub_auth).
-include_lib("amqp_client/include/amqp_client.hrl").
-export([check_authentication/2, check_authorization/5]).
check_authentication(Req, Fun) ->
case Req:get_header_value("authorization") of
undefined ->
case rabbithub:default_username() of
undefined ->
request_auth(Req);
Username ->
Fun(Username)
end;
"Basic " ++ AuthInfo ->
case check_auth_info(AuthInfo) of
{ok, Username} ->
Fun(Username);
{error, _Reason} ->
forbidden(Req)
end
end.
check_authorization(Req, Resource, Username, PermissionsRequired, Fun) ->
CheckResults = [catch rabbit_access_control:check_resource_access(
#user{username = list_to_binary(Username),
auth_backend = rabbit_auth_backend_internal},
Resource, P)
|| P <- PermissionsRequired],
case lists:foldl(fun check_authorization_result/2, ok, CheckResults) of
ok ->
Fun();
failed ->
forbidden(Req)
end.
check_authorization_result({'EXIT', _}, ok) ->
failed;
check_authorization_result(ok, ok) ->
ok;
check_authorization_result(_, failed) ->
failed.
forbidden(Req) ->
Req:respond({403, [], "Forbidden"}).
request_auth(Req) ->
Req:respond({401, [{"WWW-Authenticate", "Basic realm=\"rabbitmq\""}],
"Authentication required."}).
check_auth_info(AuthInfo) ->
{User, Pass} = case string:tokens(base64:decode_to_string(AuthInfo), ":") of
[U, P] -> {U, P};
[U] -> {U, ""}
end,
case catch rabbit_access_control:check_user_pass_login(list_to_binary(User),
list_to_binary(Pass)) of
{'EXIT', {amqp, access_refused, _, _}} ->
{error, access_refused};
_ ->
{ok, User}
end.
Jump to Line
Something went wrong with that request. Please try again.