124 lines
2.9 KiB
Go
124 lines
2.9 KiB
Go
package token
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"net/http"
|
|
|
|
"go.pkg.cx/middleware"
|
|
)
|
|
|
|
// Errors
|
|
var (
|
|
ErrTokenInvalid = errors.New("token invalid")
|
|
ErrTokenNotFound = errors.New("token not found")
|
|
)
|
|
|
|
// Context keys
|
|
var (
|
|
DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Data"}
|
|
TokenCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Token"}
|
|
)
|
|
|
|
// DefaultOptions represents default token auth middleware options
|
|
var DefaultOptions = Options(
|
|
WithFindTokenFn(middleware.TokenFromHeader("X-Token")),
|
|
WithFindTokenFn(middleware.TokenFromQuery("token")),
|
|
SetValidateTokenFn(rejectAll),
|
|
SetResponseHandler(RespondWithUnauthorized),
|
|
)
|
|
|
|
// Options turns a list of option instances into an option
|
|
func Options(opts ...Option) Option {
|
|
return func(a *auth) {
|
|
for _, opt := range opts {
|
|
opt(a)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Option configures token auth middleware
|
|
type Option func(a *auth)
|
|
|
|
// WithFindTokenFn adds token find function to the list
|
|
func WithFindTokenFn(fn func(r *http.Request) string) Option {
|
|
return func(a *auth) {
|
|
a.findTokenFns = append(a.findTokenFns, fn)
|
|
}
|
|
}
|
|
|
|
// SetFindTokenFns sets token find functions list
|
|
func SetFindTokenFns(fns ...func(r *http.Request) string) Option {
|
|
return func(a *auth) {
|
|
a.findTokenFns = fns
|
|
}
|
|
}
|
|
|
|
// SetValidateTokenFn sets token validation function
|
|
func SetValidateTokenFn(fn func(token string) (bool, interface{})) Option {
|
|
return func(a *auth) {
|
|
a.validateTokenFn = fn
|
|
}
|
|
}
|
|
|
|
// SetResponseHandler sets response handler
|
|
func SetResponseHandler(fn middleware.ResponseHandle) Option {
|
|
return func(a *auth) {
|
|
a.responseHandler = fn
|
|
}
|
|
}
|
|
|
|
type auth struct {
|
|
findTokenFns []func(r *http.Request) string
|
|
validateTokenFn func(token string) (bool, interface{})
|
|
responseHandler middleware.ResponseHandle
|
|
}
|
|
|
|
// Middleware returns token auth middleware
|
|
func Middleware(opts ...Option) func(next http.Handler) http.Handler {
|
|
a := &auth{}
|
|
opts = append([]Option{DefaultOptions}, opts...)
|
|
|
|
for _, opt := range opts {
|
|
opt(a)
|
|
}
|
|
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
var token string
|
|
for _, findTokenFn := range a.findTokenFns {
|
|
token = findTokenFn(r)
|
|
if token != "" {
|
|
break
|
|
}
|
|
}
|
|
|
|
if token == "" {
|
|
a.responseHandler(w, r, ErrTokenNotFound)
|
|
return
|
|
}
|
|
|
|
valid, data := a.validateTokenFn(token)
|
|
if !valid {
|
|
a.responseHandler(w, r, ErrTokenInvalid)
|
|
return
|
|
}
|
|
|
|
ctx := r.Context()
|
|
ctx = context.WithValue(ctx, DataCtxKey, data)
|
|
ctx = context.WithValue(ctx, TokenCtxKey, token)
|
|
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|
|
}
|
|
|
|
// RespondWithUnauthorized is a default response handler
|
|
func RespondWithUnauthorized(w http.ResponseWriter, _ *http.Request, _ error) {
|
|
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
|
}
|
|
|
|
func rejectAll(_ string) (bool, interface{}) {
|
|
return false, nil
|
|
}
|