mirror of
https://github.com/1f349/gomvn.git
synced 2024-10-18 09:21:48 +01:00
48 lines
1.1 KiB
Go
48 lines
1.1 KiB
Go
|
package routes
|
||
|
|
|
||
|
|
import (
|
||
|
|
"context"
|
||
|
|
"encoding/base64"
|
||
|
|
"github.com/1f349/gomvn/database"
|
||
|
|
"github.com/julienschmidt/httprouter"
|
||
|
|
"net/http"
|
||
|
|
"strings"
|
||
|
|
)
|
||
|
|
|
||
|
|
func (r *routeCtx) repoAuth(next httprouter.Handle) httprouter.Handle {
|
||
|
|
return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
|
||
|
|
un, pw, ok := parseBasicBearer(req)
|
||
|
|
if !ok {
|
||
|
|
http.Error(rw, "403 Forbidden", http.StatusForbidden)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
isValid, err := r.db.CheckUserDetails(context.Background(), database.CheckUserDetailsParams{
|
||
|
|
Name: un,
|
||
|
|
TokenHash: pw,
|
||
|
|
})
|
||
|
|
if err != nil || isValid != 1 {
|
||
|
|
http.Error(rw, "403 Forbidden", http.StatusForbidden)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
next(rw, req, params)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func parseBasicBearer(req *http.Request) (string, string, bool) {
|
||
|
|
auth := req.Header.Get("Authorization")
|
||
|
|
details, ok := strings.CutPrefix(auth, "Basic ")
|
||
|
|
if !ok {
|
||
|
|
return "", "", false
|
||
|
|
}
|
||
|
|
decBytes, err := base64.StdEncoding.DecodeString(details)
|
||
|
|
if err != nil {
|
||
|
|
return "", "", false
|
||
|
|
}
|
||
|
|
decStr := string(decBytes)
|
||
|
|
n := strings.IndexByte(decStr, ':')
|
||
|
|
if n == -1 {
|
||
|
|
return "", "", false
|
||
|
|
}
|
||
|
|
return decStr[:n], decStr[n+1:], true
|
||
|
|
}
|