middleware/auth/token/token.go

124 lines
2.9 KiB
Go
Raw Normal View History

2020-11-07 11:59:33 +00:00
package token
import (
"context"
"errors"
"net/http"
"go.pkg.cx/middleware"
)
// Errors
var (
ErrTokenInvalid = errors.New("token invalid")
ErrTokenNotFound = errors.New("token not found")
)
// Context keys
var (
DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Data"}
TokenCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Token"}
)
// DefaultOptions represents default token auth middleware options
var DefaultOptions = Options(
WithFindTokenFn(middleware.TokenFromHeader("X-Token")),
WithFindTokenFn(middleware.TokenFromQuery("token")),
SetValidateTokenFn(rejectAll),
SetResponseHandler(RespondWithUnauthorized),
)
// Options turns a list of option instances into an option.
func Options(opts ...Option) Option {
return func(a *auth) {
for _, opt := range opts {
opt(a)
}
}
}
// Option configures token auth middleware
type Option func(a *auth)
// WithFindTokenFn adds token find function to the list
func WithFindTokenFn(fn func(r *http.Request) string) Option {
return func(a *auth) {
a.findTokenFns = append(a.findTokenFns, fn)
}
}
// SetFindTokenFns sets token find functions list
func SetFindTokenFns(fns ...func(r *http.Request) string) Option {
return func(a *auth) {
a.findTokenFns = fns
}
}
// SetValidateTokenFn sets token validation function
func SetValidateTokenFn(fn func(token string) (bool, interface{})) Option {
return func(a *auth) {
a.validateTokenFn = fn
}
}
// SetResponseHandler sets response handler
func SetResponseHandler(fn middleware.ResponseHandle) Option {
return func(a *auth) {
a.responseHandler = fn
}
}
type auth struct {
findTokenFns []func(r *http.Request) string
validateTokenFn func(token string) (bool, interface{})
responseHandler middleware.ResponseHandle
}
// Middleware returns token auth middleware
func Middleware(opts ...Option) func(next http.Handler) http.Handler {
a := &auth{}
opts = append([]Option{DefaultOptions}, opts...)
for _, opt := range opts {
opt(a)
}
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var token string
for _, findTokenFn := range a.findTokenFns {
token = findTokenFn(r)
if token != "" {
break
}
}
if token == "" {
a.responseHandler(w, r, ErrTokenNotFound)
return
}
valid, data := a.validateTokenFn(token)
if !valid {
a.responseHandler(w, r, ErrTokenInvalid)
return
}
ctx := r.Context()
ctx = context.WithValue(ctx, DataCtxKey, data)
ctx = context.WithValue(ctx, TokenCtxKey, token)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
// RespondWithUnauthorized is a default response handler
func RespondWithUnauthorized(w http.ResponseWriter, r *http.Request, err error) {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}
func rejectAll(token string) (bool, interface{}) {
return false, nil
}