Skip to content

ligase
ligase

FinClip / ligase

通知 38
Star 8
Fork 1
ligase
ligase

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
auth.go 2.2 KB
Newer Older
R
Add Apache Version 2.0 license and headers to all golang files  
Robert Swain 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 
// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
K
Extract access tokens from HTTP requests (#15)  
Kegsay 已提交
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 
package auth

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/matrix-org/dendrite/clientapi/jsonerror"
	"github.com/matrix-org/util"
)

// VerifyAccessToken verifies that an access token was supplied in the given HTTP request
// and returns the user ID it corresponds to. Returns resErr (an error response which can be
// sent to the client) if the token is invalid or there was a problem querying the database.
func VerifyAccessToken(req *http.Request) (userID string, resErr *util.JSONResponse) {
	token, tokenErr := extractAccessToken(req)
	if tokenErr != nil {
		resErr = &util.JSONResponse{
			Code: 401,
			JSON: jsonerror.MissingToken(tokenErr.Error()),
		}
		return
	}
	if token == "fail" {
		res := util.ErrorResponse(fmt.Errorf("Fatal error"))
		resErr = &res
	}
	// TODO: Check the token against the database
K
Add /createRoom endpoint and unmarshal HTTP body (#27)  
Kegsay 已提交
43 
	userID = token
K
Extract access tokens from HTTP requests (#15)  
Kegsay 已提交
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 
	return
}

// extractAccessToken from a request, or return an error detailing what went wrong. The
// error message MUST be human-readable and comprehensible to the client.
func extractAccessToken(req *http.Request) (string, error) {
	// cf https://github.com/matrix-org/synapse/blob/v0.19.2/synapse/api/auth.py#L631
	authBearer := req.Header.Get("Authorization")
	queryToken := req.URL.Query().Get("access_token")
	if authBearer != "" && queryToken != "" {
		return "", fmt.Errorf("mixing Authorization headers and access_token query parameters")
	}

	if queryToken != "" {
		return queryToken, nil
	}

	if authBearer != "" {
		parts := strings.SplitN(authBearer, " ", 2)
		if len(parts) != 2 || parts[0] != "Bearer" {
			return "", fmt.Errorf("invalid Authorization header")
		}
		return parts[1], nil
	}

	return "", fmt.Errorf("missing access token")
}