// Copyright 2015-present, Cyrill @ Schumacher.fm and the CoreStore contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package jwt
import (
"net/http"
"github.com/corestoreio/errors"
"github.com/corestoreio/log"
loghttp "github.com/corestoreio/log/http"
"github.com/corestoreio/pkg/net/mw"
"github.com/corestoreio/pkg/store/scope"
"github.com/corestoreio/pkg/util/conv"
"github.com/corestoreio/pkg/util/csjwt"
)
// SetHeaderAuthorization convenience function to set the Authorization Bearer
// Header on a request for a given token.
// SetHeaderAuthorization writes the token into the request's Authorization
// header using the Bearer scheme, replacing any value already present.
func SetHeaderAuthorization(req *http.Request, token []byte) {
	const scheme = "Bearer "
	// Build the header value once with a single allocation.
	value := make([]byte, 0, len(scheme)+len(token))
	value = append(value, scheme...)
	value = append(value, token...)
	req.Header.Set("Authorization", string(value))
}
// WithRunMode sets the initial runMode, loads the token configuration, parses
// and validates a token and if the token contains a new store code it changes
// the scope for the context.
//
// RunMode custom runMode otherwise falls back to scope.DefaultRunMode
// which selects the default website with its default store. To use the admin
// area enable scope.Store and ID 0.
//
// Finder selects the new store ID and website ID based on the store code. It
// changes the scope in the context.
// WithRunMode sets the initial runMode, loads the token configuration, parses
// and validates a token and if the token contains a new store code it changes
// the scope for the context.
//
// RunMode custom runMode otherwise falls back to scope.DefaultRunMode
// which selects the default website with its default store. To use the admin
// area enable scope.Store and ID 0.
//
// Finder selects the new store ID and website ID based on the store code. It
// changes the scope in the context.
//
// Order of operations in the returned handler:
//  1. rm.CalculateRunMode picks the run mode, which is stored in the context.
//  2. sf.DefaultStoreID resolves the default website/store for that run mode;
//     an error goes to s.ErrorHandler.
//  3. s.ConfigByScope loads the token configuration for that default scope;
//     an error goes to s.ErrorHandler. A Disabled configuration calls next
//     with the default scope and no token parsing at all.
//  4. defaultScpCfg.ParseFromRequest parses/validates the token against
//     s.Blocklist; an error goes to defaultScpCfg.UnauthorizedHandler.
//  5. The store code claim (codeFromToken) is resolved via sf.StoreIDbyCode.
//     No code: next with the default scope. Lookup error other than NotFound:
//     defaultScpCfg.ErrorHandler. NotFound: defaultScpCfg.UnauthorizedHandler.
//     Otherwise next runs with the scope switched to the token's store.
//
// The token is attached to the context (withContext) right after parsing,
// but the parse-error path below deliberately passes r.Context() rather than
// that ctx, so an invalid token is not exposed to the UnauthorizedHandler.
func (s *Service) WithRunMode(rm scope.RunModeCalculater, sf StoreFinder) mw.Middleware {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// set run mode and add it to the context
			runMode := rm.CalculateRunMode(r)
			r = r.WithContext(scope.WithContextRunMode(r.Context(), runMode))

			// find the default store ID for the runMode
			websiteID, storeID, err := sf.DefaultStoreID(runMode)
			if err != nil {
				if s.Log.IsDebug() {
					s.Log.Debug("jwt.Service.WithRunMode.DefaultStoreID.Error", log.Err(err),
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID), log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				// Service-level handler: no scoped configuration exists yet.
				s.ErrorHandler(errors.Wrap(err, "[store] WithRunMode.DefaultStoreID")).ServeHTTP(w, r)
				return
			}

			// load default scoped configuration and call next handler if disabled
			defaultScpCfg, err := s.ConfigByScope(websiteID, storeID) // scope of the DefaultStore selected by the run mode.
			if err != nil {
				if s.Log.IsDebug() {
					s.Log.Debug("jwt.Service.WithRunMode.ConfigFromScope.Error", log.Err(err),
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID), log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				s.ErrorHandler(errors.Wrap(err, "[jwt] ConfigByScopedGetter")).ServeHTTP(w, r)
				return
			}

			if defaultScpCfg.Disabled {
				if s.Log.IsDebug() {
					// NOTE(review): the whole scoped config is logged as an object here
					// (and below); confirm it carries no key material before enabling
					// debug logging outside development.
					s.Log.Debug("jwt.Service.WithRunMode.Disabled", log.Stringer("scope", defaultScpCfg.ScopeID), log.Object("scpCfg", defaultScpCfg),
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID), log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				// Disabled: no token handling, but the default scope is still
				// made available to downstream handlers.
				r = r.WithContext(scope.WithContext(r.Context(), websiteID, storeID))
				next.ServeHTTP(w, r)
				return
			}

			token, err := defaultScpCfg.ParseFromRequest(s.Blocklist, r)
			// ctx carries the token; it is only used on the success paths below.
			ctx := withContext(r.Context(), token)
			if err != nil {
				if s.Log.IsDebug() {
					// NOTE(review): log.Marshal writes the full token into the debug
					// log; with debug enabled in production this persists credential
					// material alongside the request.
					s.Log.Debug("jwt.Service.WithToken.ParseFromRequest", log.Err(err), log.Marshal("token", token), log.Stringer("scope", defaultScpCfg.ScopeID), log.Object("scpCfg", defaultScpCfg), loghttp.Request("request", r))
				}
				// todo what should be done when the token has expired?
				// r.Context() rather than ctx: the unvalidated token stays out of
				// the context handed to the UnauthorizedHandler.
				r = r.WithContext(scope.WithContext(r.Context(), websiteID, storeID))
				defaultScpCfg.UnauthorizedHandler(errors.Wrap(err, "[jwt] WithToken.ParseFromRequest")).ServeHTTP(w, r)
				return
			}

			// extracts the store code from the token.
			// reqCode is claim data chosen by the token issuer; it is only ever
			// used as a lookup key (StoreIDbyCode) and %q-quoted in messages.
			reqCode := codeFromToken(token, defaultScpCfg.StoreCodeFieldName)
			if reqCode == "" {
				// no code found in token so call next handler and add the scope to the context
				if s.Log.IsDebug() {
					// NOTE(review): same token-in-debug-log concern as the parse error path.
					s.Log.Debug("jwt.Service.WithRunMode.NextHandler.WithoutCode", log.Marshal("token", token),
						log.Stringer("scope", defaultScpCfg.ScopeID), log.Object("scpCfg", defaultScpCfg),
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID), log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				// Validated token: ctx (with the token) is what downstream sees.
				r = r.WithContext(scope.WithContext(ctx, websiteID, storeID))
				next.ServeHTTP(w, r)
				return
			}

			// convert the code string into its internal ID depending on the scope.
			newWebsiteID, newStoreID, err := sf.StoreIDbyCode(runMode, reqCode)
			// NotFound is treated as an authorization failure below, not as an
			// infrastructure error; anything else reaches the scoped ErrorHandler.
			if err != nil && !errors.IsNotFound(err) {
				if s.Log.IsDebug() {
					s.Log.Debug("jwt.Service.WithRunMode.IDbyCode.Error", log.Err(err), log.String("http_store_code", reqCode),
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID), log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				defaultScpCfg.ErrorHandler(errors.Wrap(err, "[store] WithRunMode.IDbyCode")).ServeHTTP(w, r)
				return
			}
			if err != nil {
				// not found, not active, whatever, we cannot proceed.
				if s.Log.IsDebug() {
					s.Log.Debug("jwt.Service.WithRunMode.StoreNotAllowed",
						log.Int64("store_id", storeID), log.Int64("website_id", websiteID),
						log.Stringer("run_mode", runMode), loghttp.Request("request", r))
				}
				// The handler still runs in the default scope (not the requested
				// one) and, unlike the parse-error path, with the token in ctx.
				r = r.WithContext(scope.WithContext(ctx, websiteID, storeID))
				defaultScpCfg.UnauthorizedHandler(errors.NewUnauthorizedf(
					"[store] RunMode %s with requested StoreCode %q cannot be authorized. Current WebsiteID %d StoreID %d",
					runMode, reqCode, websiteID, storeID),
				).ServeHTTP(w, r)
				return
			}

			// Switch the scope to the store named by the token claim.
			storeID = newStoreID
			websiteID = newWebsiteID
			r = r.WithContext(scope.WithContext(ctx, websiteID, storeID))
			if s.Log.IsDebug() {
				s.Log.Debug("jwt.Service.WithRunMode.NextHandler.WithCode",
					log.Int64("store_id", storeID), log.Int64("website_id", websiteID),
					log.Stringer("run_mode", runMode), loghttp.Request("request", r))
			}
			next.ServeHTTP(w, r)
		})
	}
}
// codeFromToken returns the store code claim of the token as a string. The
// claim is read from storeCodeFieldName, falling back to the package-level
// StoreCodeFieldName when the argument is empty. The error from Claims.Get is
// discarded on purpose: whatever value Get returns alongside it is still passed
// to conv.ToString (presumably nil, yielding "" for a missing claim — verify
// against csjwt).
func codeFromToken(token csjwt.Token, storeCodeFieldName string) string {
	if storeCodeFieldName == "" {
		storeCodeFieldName = StoreCodeFieldName
	}
	claim, _ := token.Claims.Get(storeCodeFieldName)
	return conv.ToString(claim)
}