github.com/greenpau/go-authcrunch@v1.0.50/pkg/authn/respond_api.go

github.com/greenpau/go-authcrunch@v1.0.50/pkg/authn/respond_api.go (about)

     1  // Copyright 2022 Paul Greenberg greenpau@outlook.com
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authn
    16  
    17  import (
    18  	"context"
    19  	"github.com/greenpau/go-authcrunch/pkg/requests"
    20  	addrutil "github.com/greenpau/go-authcrunch/pkg/util/addr"
    21  	"go.uber.org/zap"
    22  	"net/http"
    23  	"strings"
    24  )
    25  
    26  func (p *Portal) handleAPI(ctx context.Context, w http.ResponseWriter, r *http.Request, rr *requests.Request) error {
    27  	p.disableClientCache(w)
    28  	p.injectSessionID(ctx, w, r, rr)
    29  	w.Header().Set("Content-Type", "application/json")
    30  	p.logger.Debug(
    31  		"Received API request",
    32  		zap.String("session_id", rr.Upstream.SessionID),
    33  		zap.String("request_id", rr.ID),
    34  		zap.String("url_path", r.URL.Path),
    35  		zap.String("src_ip", addrutil.GetSourceAddress(r)),
    36  		zap.String("src_conn_ip", addrutil.GetSourceConnAddress(r)),
    37  	)
    38  
    39  	usr, err := p.authorizeRequest(ctx, w, r, rr)
    40  	if err != nil {
    41  		return p.handleJSONErrorWithLog(ctx, w, r, rr, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
    42  	}
    43  
    44  	if !rr.Response.Authenticated {
    45  		return p.handleJSONErrorWithLog(ctx, w, r, rr, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
    46  	}
    47  
    48  	if !usr.HasRole("authp/admin") {
    49  		return p.handleJSONErrorWithLog(ctx, w, r, rr, http.StatusForbidden, http.StatusText(http.StatusForbidden))
    50  	}
    51  
    52  	if p.config.API == nil || (p.config.API != nil && !p.config.API.Enabled) {
    53  		return p.handleJSONError(ctx, w, http.StatusNotImplemented, http.StatusText(http.StatusNotImplemented))
    54  	}
    55  
    56  	switch {
    57  	case strings.HasSuffix(r.URL.Path, "/api/metadata"):
    58  		return p.handleAPIMetadata(ctx, w, r, rr, usr)
    59  	case strings.Contains(r.URL.Path, "/api/orgs"):
    60  		return p.handleJSONError(ctx, w, http.StatusNotImplemented, http.StatusText(http.StatusNotImplemented))
    61  	case strings.Contains(r.URL.Path, "/api/teams"):
    62  		return p.handleJSONError(ctx, w, http.StatusNotImplemented, http.StatusText(http.StatusNotImplemented))
    63  	case strings.Contains(r.URL.Path, "/api/users"):
    64  		return p.handleAPIListUsers(ctx, w, r, rr, usr)
    65  	}
    66  
    67  	return p.handleJSONError(ctx, w, http.StatusBadRequest, http.StatusText(http.StatusBadRequest))
    68  }