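package organization

import (
	"encoding/json"
	"net/http"

	"github.com/hellofresh/janus/pkg/errors"
	"github.com/hellofresh/janus/pkg/plugin/basic/encrypt"
	log "github.com/sirupsen/logrus"
)

// Headers this middleware owns. Upstream handlers read them to learn the
// authenticated caller's organization, so the middleware must be the only
// writer: any client-supplied value is dropped before they are set.
const (
	organizationHeader       = "X-Organization"
	organizationConfigHeader = "X-OrganizationConfig"
)

// NewOrganization is a HTTP organization middleware.
//
// The returned middleware authenticates the request with HTTP basic auth
// against the users returned by repo.FindAll (password checked through
// encrypt.Hash.Compare), then rewrites the X-Organization and
// X-OrganizationConfig request headers with the authenticated user's
// organization and its config (JSON-encoded, as returned by
// repo.FindOrganization) before invoking the next handler. Requests without
// valid credentials are answered with ErrNotAuthorized; repository or
// encoding failures are answered with a 500 through errors.Handler.
//
// The organization parameter is kept for API compatibility but is neither
// read nor written: the previous implementation assigned the matched user's
// organization to this closure-captured value on every request, so concurrent
// requests raced on it and one request could be forwarded with another
// request's organization. The organization name is now a per-request local.
func NewOrganization(organization Organization, repo Repository) func(handler http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			query := r.URL.Query()

			logger := log.WithFields(log.Fields{
				"path":   r.RequestURI,
				"origin": r.RemoteAddr,
			})
			logger.Debug("Starting organization auth middleware")

			username, password, authOK := r.BasicAuth()
			if !authOK {
				errors.Handler(w, r, ErrNotAuthorized)
				return
			}

			users, err := repo.FindAll()
			if err != nil {
				logger.WithError(err).Error("Error when getting all users")
				errors.Handler(w, r, errors.New(http.StatusInternalServerError, "there was an error when looking for users"))
				return
			}

			hash := encrypt.Hash{}

			// Per-request state. orgName deliberately does not alias the
			// captured organization parameter (see the function comment).
			var (
				found              bool
				orgName            string
				organizationConfig *OrganizationConfig
			)

			for _, u := range users {
				if username != u.Username || hash.Compare(u.Password, password) != nil {
					continue
				}
				found = true
				orgName = u.Organization
				organizationConfig, err = repo.FindOrganization(u.Organization)
				if err != nil {
					logger.WithError(err).Error("Error finding organization")
					errors.Handler(w, r, errors.New(http.StatusInternalServerError, "there was an error when looking for organization"))
					return
				}
				break
			}

			if !found {
				logger.Debug("Invalid user/password provided.")
				errors.Handler(w, r, ErrNotAuthorized)
				return
			}

			// Strip whatever the client sent for the headers this middleware
			// owns before deciding whether to set them. Previously a user with
			// no organization let client-supplied values through unchanged, and
			// a client-supplied empty value was not deleted but appended to, so
			// an upstream Header.Get would have returned the client's "" rather
			// than the organization set here.
			r.Header.Del(organizationHeader)
			r.Header.Del(organizationConfigHeader)

			if orgName == "" {
				logger.Debug("No organization associated with user")
			} else {
				bOrganizationConfig, err := json.Marshal(organizationConfig)
				if err != nil {
					logger.WithError(err).Error("Error marshaling organization for config header")
					errors.Handler(w, r, errors.New(http.StatusInternalServerError, "there was an error when setting config header"))
					return
				}
				// Set rather than Add so the headers carry exactly one value.
				r.Header.Set(organizationHeader, orgName)
				r.Header.Set(organizationConfigHeader, string(bOrganizationConfig))
			}

			// Re-encode the query string as the original middleware did; this
			// normalizes parameter order and escaping before the upstream call.
			r.URL.RawQuery = query.Encode()
			next.ServeHTTP(w, r)
		})
	}
}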