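// Source: github.com/dbernstein1/tyk@v2.9.0-beta9-dl-apic+incompatible/gateway/mw_granular_access.go

package gateway

import (
	"errors"
	"net/http"

	"github.com/TykTechnologies/tyk/regexp"
)

// GranularAccessMiddleware will check if a URL is specifically enabled for the key
type GranularAccessMiddleware struct {
	BaseMiddleware
}

// Name returns the fixed identifier of this middleware.
func (m *GranularAccessMiddleware) Name() string {
	return "GranularAccessMiddleware"
}

// ProcessRequest enforces the per-key URL/method allow-list for the current API.
//
// The request is let through (nil, http.StatusOK) when the session has no
// access-rights entry for this API, when that entry has an empty AllowedURLs
// list, or when some AllowedURLs entry has a pattern matching r.URL.Path and
// lists r.Method. Otherwise it returns an error and http.StatusForbidden,
// which makes the middleware chain fail.
//
// A pattern that does not compile is logged and skipped: it can grant nothing,
// so a malformed allow-list entry leads to a denial rather than to
// unrestricted access.
func (m *GranularAccessMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Request, _ interface{}) (error, int) {
	logger := m.Logger()

	// NOTE(review): session is dereferenced without a nil check; this assumes an
	// earlier middleware always attaches a session to the request - confirm.
	session := ctxGetSession(r)

	sessionVersionData, foundAPI := session.AccessRights[m.Spec.APIID]
	if !foundAPI {
		// No access-rights entry for this API: granular checks do not apply.
		return nil, http.StatusOK
	}

	if len(sessionVersionData.AllowedURLs) == 0 {
		// An empty allow-list means "no granular restriction", not "deny all".
		return nil, http.StatusOK
	}

	for _, accessSpec := range sessionVersionData.AllowedURLs {
		logger.Debug("Checking: ", r.URL.Path, " Against:", accessSpec.URL)

		asRegex, err := regexp.Compile(accessSpec.URL)
		if err != nil {
			// Fail closed: returning success here would let one broken
			// pattern open every path and method of the API to this key.
			logger.WithError(err).Error("Regex error")
			continue
		}

		// NOTE(review): assuming the wrapper keeps the standard library's
		// MatchString semantics, the match is unanchored - a pattern without
		// ^ and $ also matches longer paths that merely contain it. Policy
		// authors should anchor patterns they intend to be exact.
		if !asRegex.MatchString(r.URL.Path) {
			continue
		}

		logger.Debug("Match!")
		// Method comparison is exact and case-sensitive.
		for _, method := range accessSpec.Methods {
			if method == r.Method {
				return nil, http.StatusOK
			}
		}
	}

	logger.Info("Attempted access to unauthorised endpoint (Granular).")

	return errors.New("Access to this resource has been disallowed"), http.StatusForbidden
}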