package authorization import ( "errors" "net/http" "github.com/notherealmarco/WASAPhoto/service/api/helpers" "github.com/notherealmarco/WASAPhoto/service/api/reqcontext" "github.com/notherealmarco/WASAPhoto/service/database" "github.com/sirupsen/logrus" ) // BuildAuth returns an Authorization implementation for the currently logged in user func BuildAuth(header string) (reqcontext.Authorization, error) { auth, err := BuildBearer(header) if err != nil { if err.Error() == "invalid authorization header" { return nil, errors.New("authentication method not supported") } return nil, err } return auth, nil } // Given a user authorization function, if the function returns some error, it sends the error to the client and return false // Otherwise it returns true without sending anything to the client func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool { auth, err := f(db, uid) if err != nil { helpers.SendInternalError(err, "Authorization error", w, l) return false } if auth == reqcontext.UNAUTHORIZED { // The token is not valid helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l) return false } if auth == reqcontext.FORBIDDEN { // The user is not authorized for this action helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l) return false } if auth == reqcontext.USER_NOT_FOUND { // Attempting to perform an action on a non-existent user helpers.SendStatus(notFoundStatus, w, "User not found", l) return false } return true } // Given a function that validates a token, if the function returns some error, it sends the error to the client and return false // Otherwise it returns true without sending anything to the client func SendErrorIfNotLoggedIn(f func(db database.AppDatabase) (reqcontext.AuthStatus, error), db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger) bool { auth, err := f(db) if err != nil { helpers.SendInternalError(err, "Authorization error", w, l) return false } if auth == reqcontext.UNAUTHORIZED { // The token is not valid helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l) return false } return true }