github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/handlers.go

github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/handlers.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/mattermost/mattermost-server/web"
    10  )
    11  
    12  type Context = web.Context
    13  
    14  // ApiHandler provides a handler for API endpoints which do not require the user to be logged in order for access to be
    15  // granted.
    16  func (api *API) ApiHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
    17  	return &web.Handler{
    18  		GetGlobalAppOptions: api.GetGlobalAppOptions,
    19  		HandleFunc:          h,
    20  		RequireSession:      false,
    21  		TrustRequester:      false,
    22  		RequireMfa:          false,
    23  		IsStatic:            false,
    24  	}
    25  }
    26  
    27  // ApiSessionRequired provides a handler for API endpoints which require the user to be logged in in order for access to
    28  // be granted.
    29  func (api *API) ApiSessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
    30  	return &web.Handler{
    31  		GetGlobalAppOptions: api.GetGlobalAppOptions,
    32  		HandleFunc:          h,
    33  		RequireSession:      true,
    34  		TrustRequester:      false,
    35  		RequireMfa:          true,
    36  		IsStatic:            false,
    37  	}
    38  }
    39  
    40  // ApiSessionRequiredMfa provides a handler for API endpoints which require a logged-in user session  but when accessed,
    41  // if MFA is enabled, the MFA process is not yet complete, and therefore the requirement to have completed the MFA
    42  // authentication must be waived.
    43  func (api *API) ApiSessionRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
    44  	return &web.Handler{
    45  		GetGlobalAppOptions: api.GetGlobalAppOptions,
    46  		HandleFunc:          h,
    47  		RequireSession:      true,
    48  		TrustRequester:      false,
    49  		RequireMfa:          false,
    50  		IsStatic:            false,
    51  	}
    52  }
    53  
    54  // ApiHandlerTrustRequester provides a handler for API endpoints which do not require the user to be logged in and are
    55  // allowed to be requested directly rather than via javascript/XMLHttpRequest, such as site branding images or the
    56  // websocket.
    57  func (api *API) ApiHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
    58  	return &web.Handler{
    59  		GetGlobalAppOptions: api.GetGlobalAppOptions,
    60  		HandleFunc:          h,
    61  		RequireSession:      false,
    62  		TrustRequester:      true,
    63  		RequireMfa:          false,
    64  		IsStatic:            false,
    65  	}
    66  }
    67  
    68  // ApiSessionRequiredTrustRequester provides a handler for API endpoints which do require the user to be logged in and
    69  // are allowed to be requested directly rather than via javascript/XMLHttpRequest, such as emoji or file uploads.
    70  func (api *API) ApiSessionRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
    71  	return &web.Handler{
    72  		GetGlobalAppOptions: api.GetGlobalAppOptions,
    73  		HandleFunc:          h,
    74  		RequireSession:      true,
    75  		TrustRequester:      true,
    76  		RequireMfa:          true,
    77  		IsStatic:            false,
    78  	}
    79  }