forked from jarias/stormpath-sdk-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
middleware.go
73 lines (61 loc) · 2.24 KB
/
middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package stormpathweb
import (
"encoding/json"
"net/http"
"github.com/gorilla/context"
"github.com/gorilla/sessions"
"github.com/jarias/stormpath-sdk-go"
)
//ApplicationMiddleware is an http.Handler that stores a given account in the request context
//to be use by any other handlers in the chain.
type ApplicationMiddleware struct {
ApplicationHref string
}
//ServeHTTP implements the http.Handler interface for the ApplicationMiddleware type
func (m ApplicationMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
//Check if it the current app already exists
app := GetApplication(r)
if app == nil {
app, err := stormpath.NewApplicationRef(m.ApplicationHref).GetApplication()
if err == nil {
context.Set(r, ApplicationKey, *app)
}
}
}
//AccountMiddleware is an http.Handler that unmarshals the current account store in the session
//and stores it in the request context to be use by any other handler in the chain
type AccountMiddleware struct {
SessionStore sessions.Store
SessionName string
}
//ServeHTTP implements the http.Handler interface for the AccountMiddleware type
func (m AccountMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
session, _ := m.SessionStore.Get(r, m.SessionName)
if session.Values[AccountKey] != nil {
account := stormpath.Account{}
json.Unmarshal([]byte(session.Values[AccountKey].([]uint8)), &account)
context.Set(r, AccountKey, account)
}
}
//AuthenticationMiddleware handles authentication for a web application, it should only be apply to http.Handlers
//that require authentication it checks the session for current account if exists it calls handler else it applies
//the UnauthorizedHandler
type AuthenticationMiddleware struct {
Next http.Handler
SessionStore sessions.Store
SessionName string
UnauthorizedHandler http.Handler
}
//ServeHTTP implements the http.Handler interface for the AuthenticationMiddleware type
func (m AuthenticationMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
session, _ := m.SessionStore.Get(r, m.SessionName)
if session.Values[AccountKey] == nil {
//No account in session
m.UnauthorizedHandler.ServeHTTP(w, r)
return
}
//We are good move along
if m.Next != nil {
m.Next.ServeHTTP(w, r)
}
}