diff --git a/cmd/dkl-local-server/auth.go b/cmd/dkl-local-server/auth.go
new file mode 100644
index 0000000..d42e9ea
--- /dev/null
+++ b/cmd/dkl-local-server/auth.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+ "flag"
+ "log"
+ "net/http"
+)
+
+var (
+ hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)")
+ adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)")
+)
+
+func authorizeHosts(r *http.Request) bool {
+ return authorizeToken(r, *hostsToken)
+}
+
+func authorizeAdmin(r *http.Request) bool {
+ return authorizeToken(r, *adminToken)
+}
+
+func authorizeToken(r *http.Request, token string) bool {
+ if token == "" {
+ // access is open
+ return true
+ }
+
+ reqToken := r.Header.Get("Authorization")
+
+ return reqToken == "Bearer "+token
+}
+
+func forbidden(w http.ResponseWriter, r *http.Request) {
+ log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr)
+ http.Error(w, "Forbidden", http.StatusForbidden)
+}
diff --git a/cmd/dkl-local-server/http.go b/cmd/dkl-local-server/http.go
index 8dea7b0..7bad9e3 100644
--- a/cmd/dkl-local-server/http.go
+++ b/cmd/dkl-local-server/http.go
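Review bot: In the new auth.go, authorizeToken compares the Authorization header to the expected value with `==`, which is not a constant-time comparison, so response timing can reveal how much of a guessed token matched. The move is a good moment to switch to `return subtle.ConstantTimeCompare([]byte(reqToken), []byte("Bearer "+token)) == 1` and add `"crypto/subtle"` to the import block. Separately, both flags default to `""` and an empty token returns true, so admin actions are open unless `-admin-token` is set. A startup log line when either token is empty, plus a doc comment on authorizeToken stating the fail-open behaviour, would make that visible to operators. In forbidden, `%q` instead of `%s` for `r.RequestURI` would keep request-controlled text clearly delimited in the log.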
@@ -19,38 +19,11 @@ import ( ) var ( - hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)") - adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)") - reHost = regexp.MustCompile("^/hosts/([^/]+)/([^/]+)$") trustXFF = flag.Bool("trust-xff", true, "Trust the X-Forwarded-For header") ) -func authorizeHosts(r *http.Request) bool { - return authorizeToken(r, *hostsToken) -} - -func authorizeAdmin(r *http.Request) bool { - return authorizeToken(r, *adminToken) -} - -func authorizeToken(r *http.Request, token string) bool { - if token == "" { - // access is open - return true - } - - reqToken := r.Header.Get("Authorization") - - return reqToken == "Bearer "+token -} - -func forbidden(w http.ResponseWriter, r *http.Request) { - log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr) - http.Error(w, "Forbidden", http.StatusForbidden) -} - func serveHostByIP(w http.ResponseWriter, r *http.Request) { host, cfg := hostByIP(w, r) if host == nil {