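// Source: github.com/vieux/docker@v0.6.3-0.20161004191708-e097c2a938c7/pkg/authorization/middleware.go

package authorization

import (
	"net/http"
	"sync"

	"github.com/Sirupsen/logrus"
	"golang.org/x/net/context"
)

// Middleware uses a list of plugins to
// handle authorization in the API requests.
//
// SetPlugins can replace the plugin list while wrapped handlers are serving
// requests on other goroutines, so every access to plugins goes through mu.
type Middleware struct {
	mu      sync.Mutex // guards plugins
	plugins []Plugin
}

// NewMiddleware creates a new Middleware
// with a slice of plugins names.
func NewMiddleware(names []string) *Middleware {
	return &Middleware{
		plugins: newPlugins(names),
	}
}

// SetPlugins replaces the plugins used for authorization with the ones built
// from names. It is safe to call while requests are in flight: a request that
// has already taken its snapshot in WrapHandler finishes with the list it
// started with.
//
// If the resulting list is empty, WrapHandler stops authorizing requests and
// passes them straight through to the wrapped handler.
func (m *Middleware) SetPlugins(names []string) {
	// Build the list before taking the lock so the critical section is only
	// the assignment itself.
	plugins := newPlugins(names)

	m.mu.Lock()
	m.plugins = plugins
	m.mu.Unlock()
}

// authzPlugins returns the currently configured plugin list, read under mu.
func (m *Middleware) authzPlugins() []Plugin {
	m.mu.Lock()
	defer m.mu.Unlock()
	return m.plugins
}

// WrapHandler returns a new handler function wrapping the previous one in the request chain.
//
// The returned function authorizes the request with AuthZRequest, runs handler
// against a response wrapper, and then authorizes the response with
// AuthZResponse. Any error from these three steps is logged and returned; an
// error from AuthZRequest means handler is never called, and an error from
// handler means AuthZResponse is never called. When no plugins are configured
// the handler is invoked directly and no authorization takes place.
func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
		// Take a single snapshot of the plugin list. The emptiness check and
		// the authorization context below must see the same list even if
		// SetPlugins runs concurrently; reading m.plugins twice without the
		// lock was a data race and could decide on one list and enforce
		// another.
		plugins := m.authzPlugins()

		if len(plugins) == 0 {
			return handler(ctx, w, r, vars)
		}

		user := ""
		userAuthNMethod := ""

		// Default authorization using existing TLS connection credentials
		// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
		// and ldap) will be extracted using AuthN feature, which is tracked under:
		// https://github.com/docker/docker/pull/20883
		//
		// NOTE(review): PeerCertificates holds whatever certificate the client
		// presented; the CommonName is only a trustworthy identity when the
		// listener's tls.Config requires and verifies client certificates.
		// Confirm the server configuration guarantees that, or check
		// r.TLS.VerifiedChains here. A request without a client certificate
		// reaches the plugins with an empty user and method.
		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
			user = r.TLS.PeerCertificates[0].Subject.CommonName
			userAuthNMethod = "TLS"
		}

		authCtx := NewCtx(plugins, user, userAuthNMethod, r.Method, r.RequestURI)

		if err := authCtx.AuthZRequest(w, r); err != nil {
			logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
			return err
		}

		// The handler writes to rw instead of w so that AuthZResponse can
		// inspect the response; presumably rw holds the response back until
		// then. Confirm against NewResponseModifier.
		rw := NewResponseModifier(w)

		if err := handler(ctx, rw, r, vars); err != nil {
			logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, err)
			return err
		}

		if err := authCtx.AuthZResponse(rw, r); err != nil {
			logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
			return err
		}
		return nil
	}
}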