github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/auth/check_pipeline_access_handler.go

github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/auth/check_pipeline_access_handler.go (about)

     1  package auth
     2  
     3  import (
     4  	"context"
     5  	"encoding/json"
     6  	"net/http"
     7  
     8  	"github.com/pf-qiu/concourse/v6/atc"
     9  	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
    10  	"github.com/pf-qiu/concourse/v6/atc/db"
    11  )
    12  
    13  type CheckPipelineAccessHandlerFactory interface {
    14  	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
    15  }
    16  
    17  type checkPipelineAccessHandlerFactory struct {
    18  	teamFactory db.TeamFactory
    19  }
    20  
    21  func NewCheckPipelineAccessHandlerFactory(
    22  	teamFactory db.TeamFactory,
    23  ) *checkPipelineAccessHandlerFactory {
    24  	return &checkPipelineAccessHandlerFactory{
    25  		teamFactory: teamFactory,
    26  	}
    27  }
    28  
    29  func (f *checkPipelineAccessHandlerFactory) HandlerFor(
    30  	delegateHandler http.Handler,
    31  	rejector Rejector,
    32  ) http.Handler {
    33  	return checkPipelineAccessHandler{
    34  		rejector:        rejector,
    35  		teamFactory:     f.teamFactory,
    36  		delegateHandler: delegateHandler,
    37  	}
    38  }
    39  
    40  type checkPipelineAccessHandler struct {
    41  	rejector        Rejector
    42  	teamFactory     db.TeamFactory
    43  	delegateHandler http.Handler
    44  }
    45  
    46  func (h checkPipelineAccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    47  	teamName := r.FormValue(":team_name")
    48  	pipelineName := r.FormValue(":pipeline_name")
    49  	pipelineRef := atc.PipelineRef{Name: pipelineName}
    50  	if instanceVars := r.URL.Query().Get("instance_vars"); instanceVars != "" {
    51  		err := json.Unmarshal([]byte(instanceVars), &pipelineRef.InstanceVars)
    52  		if err != nil {
    53  			w.WriteHeader(http.StatusInternalServerError)
    54  			return
    55  		}
    56  	}
    57  
    58  	team, found, err := h.teamFactory.FindTeam(teamName)
    59  	if err != nil {
    60  		w.WriteHeader(http.StatusInternalServerError)
    61  		return
    62  	}
    63  
    64  	if !found {
    65  		w.WriteHeader(http.StatusNotFound)
    66  		return
    67  	}
    68  
    69  	pipeline, found, err := team.Pipeline(pipelineRef)
    70  	if err != nil {
    71  		w.WriteHeader(http.StatusInternalServerError)
    72  		return
    73  	}
    74  
    75  	if !found {
    76  		w.WriteHeader(http.StatusNotFound)
    77  		return
    78  	}
    79  
    80  	acc := accessor.GetAccessor(r)
    81  
    82  	if acc.IsAuthorized(teamName) || pipeline.Public() {
    83  		ctx := context.WithValue(r.Context(), PipelineContextKey, pipeline)
    84  		h.delegateHandler.ServeHTTP(w, r.WithContext(ctx))
    85  		return
    86  	}
    87  
    88  	if !acc.IsAuthenticated() {
    89  		h.rejector.Unauthorized(w, r)
    90  		return
    91  	}
    92  
    93  	h.rejector.Forbidden(w, r)
    94  }