58 lines
1.3 KiB
Go
58 lines
1.3 KiB
Go
package main
|
|
|
|
import (
|
|
"flag"
|
|
"log"
|
|
"net/http"
|
|
)
|
|
|
|
var (
|
|
hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)")
|
|
adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)")
|
|
)
|
|
|
|
func authorizeHosts(r *http.Request) bool {
|
|
return authorizeToken(r, *hostsToken)
|
|
}
|
|
|
|
func authorizeAdmin(r *http.Request) bool {
|
|
return authorizeToken(r, *adminToken)
|
|
}
|
|
|
|
func authorizeToken(r *http.Request, token string) bool {
|
|
if token == "" {
|
|
// access is open
|
|
return true
|
|
}
|
|
|
|
reqToken := r.Header.Get("Authorization")
|
|
if reqToken != "" {
|
|
return reqToken == "Bearer "+token
|
|
}
|
|
|
|
return r.URL.Query().Get("token") == token
|
|
}
|
|
|
|
func forbidden(w http.ResponseWriter, r *http.Request) {
|
|
log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr)
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
}
|
|
|
|
func requireToken(token string, handler http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
if !authorizeToken(req, token) {
|
|
forbidden(w, req)
|
|
return
|
|
}
|
|
handler.ServeHTTP(w, req)
|
|
})
|
|
}
|
|
|
|
func requireAdmin(handler http.Handler) http.Handler {
|
|
return requireToken(*adminToken, handler)
|
|
}
|
|
|
|
func requireHosts(handler http.Handler) http.Handler {
|
|
return requireToken(*hostsToken, handler)
|
|
}
|