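// Source: github.com/billybanfield/evergreen@v0.0.0-20170525200750-eeee692790f7/apiv3/route/authenticator.go

package route

import (
	"net/http"

	"github.com/evergreen-ci/evergreen/apiv3"
	"github.com/evergreen-ci/evergreen/apiv3/servicecontext"
	"github.com/evergreen-ci/evergreen/auth"
	"github.com/evergreen-ci/evergreen/util"
)

// Authenticator is an interface which defines how requests can authenticate
// against the API service. An implementation returns nil to let the request
// proceed and a non-nil error (an apiv3.APIError in this file) to reject it.
type Authenticator interface {
	Authenticate(servicecontext.ServiceContext, *http.Request) error
}

// NoAuthAuthenticator is an authenticator which allows all requests to pass
// through. It performs no identity check whatsoever, so it must only be
// attached to routes that are intentionally public.
type NoAuthAuthenticator struct{}

// Authenticate does not examine the request and allows all requests to pass
// through.
func (n *NoAuthAuthenticator) Authenticate(sc servicecontext.ServiceContext,
	r *http.Request) error {
	return nil
}

// SuperUserAuthenticator only allows users listed in the SuperUsers field of
// the settings file to complete the request.
type SuperUserAuthenticator struct{}

// Authenticate fetches the user attached to the request and checks whether it
// is one of the configured super users. If no SuperUsers exist in the settings
// file, all authenticated users are considered super (that rule lives in
// auth.IsSuperUser, not here) — an empty list therefore disables this check
// rather than locking everyone out, so deployments must populate it.
// Rejections are reported as 'NotFound' so that a caller cannot distinguish a
// resource they may not see from one that does not exist.
func (s *SuperUserAuthenticator) Authenticate(sc servicecontext.ServiceContext,
	r *http.Request) error {
	u := GetUser(r)

	// GetUser yields nil when no user was attached to the request. An
	// anonymous request must never satisfy a super-user check, whatever
	// IsSuperUser does with a nil user or an empty SuperUsers list, so it is
	// rejected here instead of relying on the helper's nil handling.
	if u == nil {
		return apiv3.APIError{
			StatusCode: http.StatusNotFound,
			Message:    "Not found",
		}
	}

	if auth.IsSuperUser(sc.GetSuperUsers(), u) {
		return nil
	}
	return apiv3.APIError{
		StatusCode: http.StatusNotFound,
		Message:    "Not found",
	}
}

// ProjectAdminAuthenticator only allows the admins of the project and
// super users access to the information. It requires that the project
// context be available on the request and that a user also be set.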
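type ProjectAdminAuthenticator struct{}

// Authenticate checks that the user attached to the request is either a super
// user or listed in the project context's project admins. Any other request
// is rejected with a 'NotFound' error, matching the other authenticators so an
// unauthorized caller cannot probe for the existence of a project.
func (p *ProjectAdminAuthenticator) Authenticate(sc servicecontext.ServiceContext,
	r *http.Request) error {
	projCtx := MustHaveProjectContext(r)
	u := GetUser(r)

	// GetUser yields nil when no user was attached. Without this guard a nil
	// user that is not accepted by IsSuperUser reaches u.Username() below on a
	// nil value, turning any unauthenticated request to an admin route into a
	// panic rather than a clean rejection.
	if u == nil {
		return apiv3.APIError{
			StatusCode: http.StatusNotFound,
			Message:    "Not found",
		}
	}

	// NOTE(review): assumes MustHaveProjectContext guarantees ProjectRef is
	// populated; confirm it cannot hand back a context with a nil ProjectRef.
	if auth.IsSuperUser(sc.GetSuperUsers(), u) ||
		util.SliceContains(projCtx.ProjectRef.Admins, u.Username()) {
		return nil
	}

	return apiv3.APIError{
		StatusCode: http.StatusNotFound,
		Message:    "Not found",
	}
}

// RequireUserAuthenticator requires that a user be attached to a request.
type RequireUserAuthenticator struct{}

// Authenticate checks that a user is set on the request. If one is set, it is
// because PrefetchUser already attached it after validating the API key, so no
// further credential check is performed here. A missing user is reported as
// 'NotFound', consistent with the other authenticators in this file.
func (rua *RequireUserAuthenticator) Authenticate(sc servicecontext.ServiceContext,
	r *http.Request) error {
	if GetUser(r) == nil {
		return apiv3.APIError{
			StatusCode: http.StatusNotFound,
			Message:    "Not found",
		}
	}
	return nil
}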