micro/api/server/auth/auth.go

package auth

import (
	"net/http"
	"strings"

	"github.com/micro/go-micro/v2/auth"
)

// CombinedAuthHandler wraps a server and authenticates requests
func CombinedAuthHandler(h http.Handler) http.Handler {
	return authHandler{
		handler: h,
		auth:    auth.DefaultAuth,
	}
}

type authHandler struct {
	handler http.Handler
	auth    auth.Auth
}

const (
	// BearerScheme is the prefix in the auth header
	BearerScheme = "Bearer "
)

func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	loginURL := h.auth.Options().LoginURL

	// Return if the user disabled auth on this endpoint
	excludes := h.auth.Options().Exclude
	if len(loginURL) > 0 {
		excludes = append(excludes, loginURL)
	}
	for _, e := range excludes {
		if e == req.URL.Path {
			h.handler.ServeHTTP(w, req)
			return
		}
	}

	var token string
	if header := req.Header.Get("Authorization"); len(header) > 0 {
		// Extract the auth token from the request
		if strings.HasPrefix(header, BearerScheme) {
			token = header[len(BearerScheme):]
		}
	} else {
		// Get the token out the cookies if not provided in headers
		if c, err := req.Cookie("micro-token"); err == nil && c != nil {
			token = strings.TrimPrefix(c.Value, auth.CookieName+"=")
			req.Header.Set("Authorization", BearerScheme+token)
		}
	}

	// If the token is valid, allow the request
	if _, err := h.auth.Verify(token); err == nil {
		h.handler.ServeHTTP(w, req)
		return
	}

	// If there is no auth login url set, 401
	if loginURL == "" {
		w.WriteHeader(401)
		return
	}

	// Redirect to the login path
	http.Redirect(w, req, loginURL, http.StatusTemporaryRedirect)
}
Auth Provider (#1309) * auth provider mock interface * Auth Provider Options * Implement API Server Auth Package * Add weh utils * Add Login URL * Auth Provider Options * Add auth provider scope and setting token in cookie * Remove auth_login_url flag Co-authored-by: Asim Aslam <asim@aslam.me> Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-07 14:06:57 +03:00			`package auth`

			`import (`
			`"net/http"`
			`"strings"`

			`"github.com/micro/go-micro/v2/auth"`
			`)`

			`// CombinedAuthHandler wraps a server and authenticates requests`
			`func CombinedAuthHandler(h http.Handler) http.Handler {`
			`return authHandler{`
			`handler: h,`
			`auth: auth.DefaultAuth,`
			`}`
			`}`

			`type authHandler struct {`
			`handler http.Handler`
			`auth auth.Auth`
			`}`

			`const (`
			`// BearerScheme is the prefix in the auth header`
			`BearerScheme = "Bearer "`
			`)`

			`func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {`
			`loginURL := h.auth.Options().LoginURL`

			`// Return if the user disabled auth on this endpoint`
			`excludes := h.auth.Options().Exclude`
			`if len(loginURL) > 0 {`
			`excludes = append(excludes, loginURL)`
			`}`
			`for _, e := range excludes {`
			`if e == req.URL.Path {`
			`h.handler.ServeHTTP(w, req)`
			`return`
			`}`
			`}`

			`var token string`
Fix Auth Headers (#1324) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-10 19:47:01 +03:00			`if header := req.Header.Get("Authorization"); len(header) > 0 {`
Auth Provider (#1309) * auth provider mock interface * Auth Provider Options * Implement API Server Auth Package * Add weh utils * Add Login URL * Auth Provider Options * Add auth provider scope and setting token in cookie * Remove auth_login_url flag Co-authored-by: Asim Aslam <asim@aslam.me> Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-07 14:06:57 +03:00			`// Extract the auth token from the request`
			`if strings.HasPrefix(header, BearerScheme) {`
			`token = header[len(BearerScheme):]`
			`}`
			`} else {`
			`// Get the token out the cookies if not provided in headers`
Fix Auth Headers (#1324) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-10 19:47:01 +03:00			`if c, err := req.Cookie("micro-token"); err == nil && c != nil {`
			`token = strings.TrimPrefix(c.Value, auth.CookieName+"=")`
			`req.Header.Set("Authorization", BearerScheme+token)`
Auth Provider (#1309) * auth provider mock interface * Auth Provider Options * Implement API Server Auth Package * Add weh utils * Add Login URL * Auth Provider Options * Add auth provider scope and setting token in cookie * Remove auth_login_url flag Co-authored-by: Asim Aslam <asim@aslam.me> Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-07 14:06:57 +03:00			`}`
			`}`

			`// If the token is valid, allow the request`
			`if _, err := h.auth.Verify(token); err == nil {`
			`h.handler.ServeHTTP(w, req)`
			`return`
			`}`

			`// If there is no auth login url set, 401`
			`if loginURL == "" {`
			`w.WriteHeader(401)`
Return store.ErrNotFound if not found when calling over rpc (#1353) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-16 13:30:56 +03:00			`return`
Auth Provider (#1309) * auth provider mock interface * Auth Provider Options * Implement API Server Auth Package * Add weh utils * Add Login URL * Auth Provider Options * Add auth provider scope and setting token in cookie * Remove auth_login_url flag Co-authored-by: Asim Aslam <asim@aslam.me> Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-07 14:06:57 +03:00			`}`

			`// Redirect to the login path`
			`http.Redirect(w, req, loginURL, http.StatusTemporaryRedirect)`
			`}`