// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package authn

import (
	"context"
	"net/http"
	"strings"

	"github.com/greenpau/go-authcrunch/pkg/authn/enums/role"
	"github.com/greenpau/go-authcrunch/pkg/requests"
	addrutil "github.com/greenpau/go-authcrunch/pkg/util/addr"
	"go.uber.org/zap"
)

// handleAPI serves the portal's JSON API.
//
// The response is marked non-cacheable and typed as JSON before anything
// else happens. Every request is first passed through authorizeRequest;
// a failure there ends in 401 and no endpoint is consulted. Only then is
// the request routed, by HTTP method and by a substring match on the URL
// path (so the handler relies on the portal's own path layout), and each
// endpoint applies its own role check (403 on failure):
//
//   - POST …/api/manager… (API.AdminEnabled): admin role required; the
//     endpoint itself is not implemented yet and answers 501.
//   - POST …/api/profile… (API.ProfileEnabled): admin or user role;
//     dispatched to handleAPIProfile.
//
// Anything else is logged at debug level and answered with 400. The
// reason for a failed role check is logged, not sent to the client.
// The returned error is whatever the JSON error writers return.
func (p *Portal) handleAPI(ctx context.Context, w http.ResponseWriter, r *http.Request, rr *requests.Request) error {
	p.disableClientCache(w)
	p.injectSessionID(ctx, w, r, rr)
	w.Header().Set("Content-Type", "application/json")
	p.logger.Debug(
		"Received API request",
		zap.String("session_id", rr.Upstream.SessionID),
		zap.String("request_id", rr.ID),
		zap.String("url_path", r.URL.Path),
		zap.String("src_ip", addrutil.GetSourceAddress(r)),
		zap.String("src_conn_ip", addrutil.GetSourceConnAddress(r)),
	)

	// Authentication gate: no endpoint is reachable without it.
	usr, err := p.authorizeRequest(ctx, w, r, rr)
	if err != nil {
		p.logger.Debug(
			"API authorization failed",
			zap.String("session_id", rr.Upstream.SessionID),
			zap.String("request_id", rr.ID),
			zap.Error(err),
		)
		return p.handleJSONErrorWithLog(ctx, w, r, rr, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
	}

	// forbid records why a role check failed and answers 403 with the
	// generic status text only.
	forbid := func(reason error) error {
		p.logger.Debug(
			"User is not authorized accessing API",
			zap.String("session_id", rr.Upstream.SessionID),
			zap.String("request_id", rr.ID),
			zap.String("reason", reason.Error()),
		)
		return p.handleJSONError(ctx, w, http.StatusForbidden, http.StatusText(http.StatusForbidden))
	}

	isPost := r.Method == http.MethodPost
	urlPath := r.URL.Path

	switch {
	case isPost && p.config.API.AdminEnabled && strings.Contains(urlPath, "/api/manager"):
		if roleErr := p.authorizedRole(usr, []role.Kind{role.Admin}, rr.Response.Authenticated); roleErr != nil {
			return forbid(roleErr)
		}
		// Planned manager endpoints, not wired up yet:
		// case p.config.API.AdminEnabled && strings.HasSuffix(r.URL.Path, "/api/metadata"):
		//     return p.handleAPIMetadata(ctx, w, r, rr, usr)
		// case p.config.API.AdminEnabled && strings.Contains(r.URL.Path, "/api/users"):
		//     return p.handleAPIListUsers(ctx, w, r, rr, usr)
		return p.handleJSONError(ctx, w, http.StatusNotImplemented, http.StatusText(http.StatusNotImplemented))

	case isPost && p.config.API.ProfileEnabled && strings.Contains(urlPath, "/api/profile"):
		if roleErr := p.authorizedRole(usr, []role.Kind{role.Admin, role.User}, rr.Response.Authenticated); roleErr != nil {
			return forbid(roleErr)
		}
		return p.handleAPIProfile(ctx, w, r, rr, usr)
	}

	// No enabled endpoint matched the method/path pair.
	p.logger.Debug(
		"API endpoint is not available",
		zap.String("session_id", rr.Upstream.SessionID),
		zap.String("request_id", rr.ID),
		zap.Any("api_config", p.config.API),
		zap.String("endpoint_path", urlPath),
		zap.String("endpoint_method", r.Method),
	)
	return p.handleJSONError(ctx, w, http.StatusBadRequest, http.StatusText(http.StatusBadRequest))
}