package gateway

import (
	"errors"
	"net/http"
)

// AccessRightsCheck is a middleware that verifies the key used to reach the
// API is permitted to reach the requested version. A session that carries no
// access-rights entries at all is not restricted by this middleware and is
// passed straight through to the next phase.
type AccessRightsCheck struct {
	BaseMiddleware
}

// Name returns the identifier this middleware reports for logging and chain listings.
func (a *AccessRightsCheck) Name() string {
	return "AccessRightsCheck"
}

// ProcessRequest runs the access-rights checks for the request on its way
// through the chain. It returns a non-nil error together with an HTTP status
// to make the chain fail, and (nil, http.StatusOK) to let the request continue.
func (a *AccessRightsCheck) ProcessRequest(w http.ResponseWriter, r *http.Request, _ interface{}) (error, int) {
	// An earlier middleware may already have marked the request as accepted
	// and exempt from further checks.
	if ctxGetRequestStatus(r) == StatusOkAndIgnore {
		return nil, http.StatusOK
	}

	// Work out which version the caller is addressing; a request without an
	// explicit version falls back to the API's configured default, if any.
	requestedVersion := a.Spec.getVersionFromRequest(r)
	if requestedVersion == "" && a.Spec.VersionData.DefaultVersion != "" {
		requestedVersion = a.Spec.VersionData.DefaultVersion
	}

	// NOTE(review): session is dereferenced below without a nil check; if
	// ctxGetSession can yield nil when no auth middleware ran, this panics — confirm.
	session := ctxGetSession(r)

	// A key with no access rights recorded is not scoped to any API; by
	// design it is allowed through and the decision is left to later phases.
	if len(session.AccessRights) == 0 {
		return nil, http.StatusOK
	}

	// The key is scoped, so this API must be listed explicitly.
	apiRights, listed := session.AccessRights[a.Spec.APIID]
	if !listed {
		a.Logger().Info("Attempted access to unauthorised API")
		return errors.New("Access to this API has been disallowed"), http.StatusForbidden
	}

	// An unversioned API has no per-version rights to compare against.
	if a.Spec.VersionData.NotVersioned {
		return nil, http.StatusOK
	}

	// Versioned API: the requested version must appear in the key's list.
	for _, allowed := range apiRights.Versions {
		if allowed == requestedVersion {
			return nil, http.StatusOK
		}
	}

	a.Logger().Info("Attempted access to unauthorised API version.")
	return errors.New("Access to this API has been disallowed"), http.StatusForbidden
}