auth

Paddy 2015-01-18 Parent:d46d22e5b5d6 Child:bc842183181d

120:118a69954621 Go to Latest

auth/request.go

Validate client when doing credential grants. When granting a token based on user credentials, I forgot to validate the client credentials that were sent. So implement that.

Download raw file
View source Diff to previous Annotate
History
paddy@99 1 package auth
paddy@99 2
paddy@104 3 import (
paddy@104 4 "encoding/json"
paddy@104 5 "log"
paddy@104 6 "net/http"
paddy@104 7
paddy@104 8 "bitbucket.org/ww/goautoneg"
paddy@104 9 )
paddy@104 10
paddy@99 11 const (
paddy@99 12 requestErrAccessDenied = "access_denied"
paddy@99 13 requestErrInsufficient = "insufficient"
paddy@99 14 requestErrOverflow = "overflow"
paddy@99 15 requestErrInvalidValue = "invalid_value"
paddy@99 16 requestErrInvalidFormat = "invalid_format"
paddy@99 17 requestErrMissing = "missing"
paddy@99 18 requestErrNotFound = "not_found"
paddy@104 19 requestErrConflict = "conflict"
paddy@99 20 requestErrActOfGod = "act_of_god"
paddy@99 21 )
paddy@99 22
paddy@104 23 var (
paddy@104 24 actOfGodResponse = response{Errors: []requestError{requestError{Slug: requestErrActOfGod}}}
paddy@104 25 invalidFormatResponse = response{Errors: []requestError{requestError{Slug: requestErrInvalidFormat, Field: "/"}}}
paddy@104 26
paddy@104 27 encoders = []string{"application/json"}
paddy@104 28 )
paddy@104 29
paddy@104 30 type response struct {
paddy@108 31 Errors []requestError `json:"errors,omitempty"`
paddy@108 32 Logins []Login `json:"logins,omitempty"`
paddy@108 33 Profiles []Profile `json:"profiles,omitempty"`
paddy@108 34 Clients []Client `json:"clients,omitempty"`
paddy@108 35 Endpoints []Endpoint `json:"endpoints,omitempty"`
paddy@104 36 }
paddy@104 37
paddy@99 38 type requestError struct {
paddy@99 39 Slug string `json:"error,omitempty"`
paddy@99 40 Field string `json:"field,omitempty"`
paddy@99 41 Param string `json:"param,omitempty"`
paddy@99 42 Header string `json:"header,omitempty"`
paddy@99 43 }
paddy@104 44
paddy@104 45 func negotiate(h http.Handler) http.Handler {
paddy@104 46 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
paddy@110 47 if r.Header.Get("Accept") != "" {
paddy@110 48 contentType := goautoneg.Negotiate(r.Header.Get("Accept"), encoders)
paddy@110 49 if contentType == "" {
paddy@110 50 w.WriteHeader(http.StatusNotAcceptable)
paddy@110 51 w.Write([]byte("Unsupported content type requested: " + r.Header.Get("Accept")))
paddy@110 52 return
paddy@110 53 }
paddy@104 54 }
paddy@104 55 h.ServeHTTP(w, r)
paddy@104 56 })
paddy@104 57 }
paddy@104 58
paddy@104 59 func encode(w http.ResponseWriter, r *http.Request, status int, resp response) {
paddy@104 60 contentType := goautoneg.Negotiate(r.Header.Get("Accept"), encoders)
paddy@104 61 w.Header().Set("content-type", contentType)
paddy@104 62 w.WriteHeader(status)
paddy@104 63 var err error
paddy@104 64 switch contentType {
paddy@104 65 case "application/json":
paddy@104 66 enc := json.NewEncoder(w)
paddy@104 67 err = enc.Encode(resp)
paddy@110 68 default:
paddy@110 69 enc := json.NewEncoder(w)
paddy@110 70 err = enc.Encode(resp)
paddy@104 71 }
paddy@104 72 if err != nil {
paddy@104 73 log.Println(err)
paddy@104 74 }
paddy@104 75 }
paddy@104 76
paddy@104 77 func wrap(context Context, f func(w http.ResponseWriter, r *http.Request, context Context)) http.Handler {
paddy@104 78 return negotiate(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
paddy@104 79 f(w, r, context)
paddy@104 80 }))
paddy@104 81 }