github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/auth/check_worker_team_access_handler.go (about)

     1  package auth
     2  
     3  import (
     4  	"net/http"
     5  
     6  	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
     7  	"github.com/pf-qiu/concourse/v6/atc/db"
     8  )
     9  
// CheckWorkerTeamAccessHandlerFactory wraps an http.Handler so that it is
// only reached after a worker team access check has passed. The
// implementation in this file resolves the worker named in the request and
// compares its team against the caller's access.
type CheckWorkerTeamAccessHandlerFactory interface {
	// HandlerFor returns a handler that runs the access check and, on
	// success, serves the request with the wrapped handler. The rejector
	// is used to answer requests that fail the check.
	//
	// NOTE(review): the first parameter is named pipelineScopedHandler here
	// while the implementation in this file calls it delegateHandler;
	// nothing in this file is pipeline-specific, so the name looks like a
	// leftover from a sibling handler - confirm and rename if so.
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}
    13  
// checkWorkerTeamAccessHandlerFactory is the CheckWorkerTeamAccessHandlerFactory
// implementation returned by NewCheckWorkerTeamAccessHandlerFactory.
type checkWorkerTeamAccessHandlerFactory struct {
	// workerFactory is handed to every handler built by HandlerFor, which
	// uses it to look workers up by name.
	workerFactory db.WorkerFactory
}
    17  
// NewCheckWorkerTeamAccessHandlerFactory returns a factory whose handlers
// look workers up through workerFactory before deciding whether the caller
// may reach the wrapped handler.
func NewCheckWorkerTeamAccessHandlerFactory(
	workerFactory db.WorkerFactory,
) CheckWorkerTeamAccessHandlerFactory {
	factory := new(checkWorkerTeamAccessHandlerFactory)
	factory.workerFactory = workerFactory
	return factory
}
    25  
// HandlerFor wraps delegateHandler in a checkWorkerTeamHandler. The returned
// handler shares the factory's workerFactory and uses rejector to answer
// requests that are not allowed through.
func (f *checkWorkerTeamAccessHandlerFactory) HandlerFor(
	delegateHandler http.Handler,
	rejector Rejector,
) http.Handler {
	var guarded checkWorkerTeamHandler
	guarded.rejector = rejector
	guarded.workerFactory = f.workerFactory
	guarded.delegateHandler = delegateHandler
	return guarded
}
    36  
// checkWorkerTeamHandler is the http.Handler built by HandlerFor. It decides
// per request whether the caller may act on the worker named in the request
// and only then hands the request to delegateHandler.
type checkWorkerTeamHandler struct {
	// rejector answers requests from unauthenticated callers (Unauthorized)
	// and from callers without access to the worker's team (Forbidden).
	rejector        Rejector
	// workerFactory resolves the requested worker by name.
	workerFactory   db.WorkerFactory
	// delegateHandler serves the request once the check has passed.
	delegateHandler http.Handler
}
    42  
// ServeHTTP authorizes the request against the team that owns the worker
// named by the ":worker_name" form value, then forwards it to the delegate.
//
// Decision order:
//   - unauthenticated callers are rejected through rejector.Unauthorized;
//   - system and admin callers are forwarded without any worker lookup;
//   - a lookup error yields 500 and an unknown worker yields 404;
//   - callers authorized for the worker's non-empty team are forwarded;
//   - everyone else, including any non-admin caller when the worker has no
//     team name, is rejected through rejector.Forbidden.
//
// NOTE(review): the 404 for an unknown worker is written before the team
// check, so any authenticated caller can tell existing worker names from
// non-existing ones by comparing the 404 and Forbidden responses. Confirm
// that worker names are not considered sensitive across teams.
func (h checkWorkerTeamHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	access := accessor.GetAccessor(r)

	switch {
	case !access.IsAuthenticated():
		h.rejector.Unauthorized(w, r)
		return
	case access.IsSystem() || access.IsAdmin():
		// Privileged callers skip the per-team check entirely.
		h.delegateHandler.ServeHTTP(w, r)
		return
	}

	// FormValue consults the parsed request body as well as the URL query,
	// and body values take precedence for POST, PUT and PATCH requests.
	// NOTE(review): the delegate must resolve ":worker_name" from the same
	// source, otherwise the worker authorized here and the worker acted on
	// could differ - confirm against the router and the wrapped handlers.
	name := r.FormValue(":worker_name")
	worker, found, err := h.workerFactory.GetWorker(name)

	switch {
	case err != nil:
		w.WriteHeader(http.StatusInternalServerError)
	case !found:
		w.WriteHeader(http.StatusNotFound)
	case worker.TeamName() != "" && access.IsAuthorized(worker.TeamName()):
		// Only team-owned workers are reachable by non-admin callers.
		h.delegateHandler.ServeHTTP(w, r)
	default:
		h.rejector.Forbidden(w, r)
	}
}