This repository has been archived by the owner on Dec 8, 2017. It is now read-only.
package main
import (
"github.com/18F/hmacauth"
"log"
"net/http"
"net/http/httputil"
"net/url"
)
// NewHTTPProxyHandler builds the http.Handler selected by opts.Mode and
// returns it together with a human-readable description of what it does.
//
// One hmacauth.HmacAuth is created from opts.Digest.ID, opts.Secret,
// opts.SignHeader and opts.Headers and handed to whichever handler is chosen.
// An unrecognised mode ends the process through log.Fatalf, so the caller
// never receives a handler that neither signs nor authenticates.
func NewHTTPProxyHandler(opts *HmacProxyOpts) (
	handler http.Handler, description string) {
	// opts.Secret is the shared HMAC key. It goes to hmacauth only and is
	// deliberately absent from every description string built below.
	// NOTE(review): nothing in this function rejects an empty secret; confirm
	// that option validation does so before this is called.
	auth := hmacauth.NewHmacAuth(opts.Digest.ID,
		[]byte(opts.Secret), opts.SignHeader, opts.Headers)

	switch opts.Mode {
	case HandlerSignAndProxy:
		handler, description = signAndProxyHandler(auth, &opts.Upstream)
	case HandlerAuthAndProxy:
		handler, description = authAndProxyHandler(auth, &opts.Upstream)
	case HandlerAuthForFiles:
		handler, description = authForFilesHandler(auth, opts.FileRoot)
	case HandlerAuthOnly:
		handler, description = authenticationOnlyHandler(auth)
	default:
		// log.Fatalf exits the process; the return below is only reached
		// for the known modes.
		log.Fatalf("unknown mode: %d\n", opts.Mode)
	}
	return handler, description
}
// signingHandler adds an HMAC signature to every request it receives and then
// passes the request to the wrapped handler.
//
// It performs no authentication of its own: any client that can reach the
// listener has its request signed with the configured key. The listener
// therefore needs to be reachable only by callers that are allowed to act
// with that key (for example bound to loopback or a private network).
type signingHandler struct {
	auth    hmacauth.HmacAuth // signer holding the shared key
	handler http.Handler      // next handler, invoked after signing
}

// ServeHTTP signs r in place and forwards it to the wrapped handler.
func (s signingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	signer, next := s.auth, s.handler
	// Signing happens before the wrapped handler sees the request, so the
	// signature covers the request as this process received it.
	signer.SignRequest(r)
	next.ServeHTTP(w, r)
}
// signAndProxyHandler returns a handler that signs each incoming request with
// auth and reverse-proxies it to upstream.URL, plus a description naming the
// upstream by its raw string form.
//
// NOTE(review): the request is signed before the reverse proxy rewrites the
// scheme, host and path for the upstream. If upstream.URL carries a path
// prefix, confirm the upstream verifies against the same URI form that
// hmacauth signs.
func signAndProxyHandler(auth hmacauth.HmacAuth, upstream *HmacProxyURL) (
	handler http.Handler, description string) {
	reverseProxy := httputil.NewSingleHostReverseProxy(upstream.URL)
	return signingHandler{auth: auth, handler: reverseProxy},
		"proxying signed requests to: " + upstream.Raw
}
// authHandler lets a request through to the wrapped handler only when its
// HMAC signature verifies; every other request is answered with 401.
type authHandler struct {
	auth    hmacauth.HmacAuth // verifier holding the shared key
	handler http.Handler      // protected handler, reached only on a match
}

// ServeHTTP authenticates r and either forwards it or rejects it.
//
// All non-match results (missing, malformed, unsupported or mismatching
// signature) produce the same 401 response, so the reply does not tell the
// client why verification failed.
func (a authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// Only the result code is used. The signature from the header and the
	// locally computed one are discarded; the computed value is a valid MAC
	// for this request and should not be written to logs or responses.
	// NOTE(review): rejections are silent. Recording the result code and
	// remote address would make repeated failures visible to monitoring.
	// NOTE(review): if AuthenticateRequest hashes the request body it has to
	// read it before the caller is authenticated; confirm, and consider a
	// body size limit in front of this handler.
	result, _, _ := a.auth.AuthenticateRequest(r)
	if result == hmacauth.ResultMatch {
		a.handler.ServeHTTP(w, r)
		return
	}
	http.Error(w, "unauthorized request", http.StatusUnauthorized)
}
// authAndProxyHandler returns a handler that reverse-proxies to upstream.URL
// only those requests whose signature auth accepts, plus a description naming
// the upstream by its raw string form.
//
// The upstream receives requests that have already passed verification here.
// It should not be reachable by a path that bypasses this proxy, or the check
// protects nothing.
func authAndProxyHandler(auth hmacauth.HmacAuth, upstream *HmacProxyURL) (
	handler http.Handler, description string) {
	reverseProxy := httputil.NewSingleHostReverseProxy(upstream.URL)
	return authHandler{auth: auth, handler: reverseProxy},
		"proxying authenticated requests to: " + upstream.Raw
}
// authForFilesHandler returns a handler that serves files below fileRoot to
// requests whose signature auth accepts, plus a description naming the root.
//
// The files are served by http.FileServer over http.Dir. As documented for
// net/http, that combination lists directories, serves names beginning with a
// period, and follows symbolic links that point outside the root, so fileRoot
// should contain only material every key holder may read.
// NOTE(review): http.Dir treats an empty string as the current directory;
// confirm option validation rejects an empty fileRoot.
func authForFilesHandler(auth hmacauth.HmacAuth, fileRoot string) (
	handler http.Handler, description string) {
	files := http.FileServer(http.Dir(fileRoot))
	summary := "serving files from " + fileRoot +
		" for authenticated requests"
	return authHandler{auth: auth, handler: files}, summary
}
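// authOnlyHandler answers authentication queries on behalf of a front-end
// server: 202 Accepted when the signature verifies, 401 Unauthorized
// otherwise. It never serves or forwards content itself.
type authOnlyHandler struct {
	auth hmacauth.HmacAuth // verifier holding the shared key
}

// ServeHTTP authenticates r, using the URI in the X-Original-URI header in
// place of the request's own URL when that header is present.
//
// X-Original-URI is taken from the request as received, so this handler
// cannot tell a value set by the front end from one supplied by a client. The
// front end must set the header itself on every query, replacing anything the
// client sent, and this listener should accept connections from the front end
// only.
//
// A header that is present but does not parse is rejected with 401. The
// previous behaviour was to ignore it and authenticate the query's own URL,
// which is not the URI the front end asked about.
func (h authOnlyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if origURI := r.Header.Get("X-Original-URI"); origURI != "" {
		origURL, err := url.ParseRequestURI(origURI)
		if err != nil {
			// Fail closed: the decision must be about the named URI, and
			// that URI cannot be reconstructed from a malformed header.
			http.Error(w, "unauthorized request", http.StatusUnauthorized)
			return
		}
		r.URL = origURL
	}

	// Only the result code is used; both signature strings are discarded so
	// the computed MAC never reaches a log line or the response.
	result, _, _ := h.auth.AuthenticateRequest(r)
	if result != hmacauth.ResultMatch {
		http.Error(w, "unauthorized request", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusAccepted)
}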
// authenticationOnlyHandler returns a handler that only reports whether a
// request's signature verifies (202 Accepted or 401 Unauthorized), plus a
// description of that behaviour.
func authenticationOnlyHandler(auth hmacauth.HmacAuth) (
	handler http.Handler, description string) {
	return authOnlyHandler{auth: auth},
		"responding Accepted/Unauthorized for auth queries"
}