package httpservice
import (
	"crypto/subtle"
	"net/http"

	"github.com/dgrijalva/jwt-go"
	myerror "github.com/romapres2010/httpserver/error"
	myjwt "github.com/romapres2010/httpserver/jwt"
	mylog "github.com/romapres2010/httpserver/log"
	auth "gopkg.in/korylprince/go-ad-auth.v2"
)
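// checkAuthentication verifies username/password according to s.cfg.AuthType.
//
// "INTERNAL" compares the pair with the credentials configured at start-up
// (s.cfg.HTTPUserID / s.cfg.HTTPUserPwd). "MSAD" delegates to an Active
// Directory bind through go-ad-auth using the s.cfg.MSAD* settings. Any other
// AuthType is rejected. The password is never written to the log; only the
// username and the AD connection parameters are.
//
// Returns nil on success. Otherwise a myerror with code "8010" (credentials
// rejected or configuration invalid) or "8011" (the AD round trip itself
// failed; the underlying error is attached as cause).
func (s *Service) checkAuthentication(username, password string) error {
	switch s.cfg.AuthType {
	case "INTERNAL":
		// Constant-time comparison so that response timing does not reveal how
		// many leading bytes of the user id or password matched. Both results
		// are combined with a bitwise AND (not &&) so that the password is
		// compared even when the user id is already known to be wrong.
		userOK := subtle.ConstantTimeCompare([]byte(s.cfg.HTTPUserID), []byte(username))
		pwdOK := subtle.ConstantTimeCompare([]byte(s.cfg.HTTPUserPwd), []byte(password))
		if userOK&pwdOK != 1 {
			myerr := myerror.New("8010", "Internal authentication - invalid user or password: username", username)
			mylog.PrintfErrorInfo(myerr)
			return myerr
		}
		mylog.PrintfInfoMsg("Success Internal Authentication: username", username)

	case "MSAD":
		config := &auth.Config{
			Server:   s.cfg.MSADServer,
			Port:     s.cfg.MSADPort,
			BaseDN:   s.cfg.MSADBaseDN,
			Security: auth.SecurityType(s.cfg.MSADSecurity),
		}
		status, err := auth.Authenticate(config, username, password)
		if err != nil {
			// The bind could not be performed at all (connectivity, TLS, ...):
			// reported under a separate code from a plain credential rejection.
			myerr := myerror.WithCause("8011", "Error MS AD Authentication: Server, Port, BaseDN, Security, username", err, s.cfg.MSADServer, s.cfg.MSADPort, s.cfg.MSADBaseDN, s.cfg.MSADSecurity, username)
			mylog.PrintfErrorInfo(myerr)
			return myerr
		}
		if !status {
			myerr := myerror.New("8010", "MS AD authentication - invalid user or password: Server, Port, BaseDN, Security, username", s.cfg.MSADServer, s.cfg.MSADPort, s.cfg.MSADBaseDN, s.cfg.MSADSecurity, username)
			mylog.PrintfErrorInfo(myerr)
			return myerr
		}
		mylog.PrintfInfoMsg("Success MS AD Authentication: username", username)

	default:
		// Include the offending value; the message previously ended after the
		// colon, which made a misconfiguration hard to diagnose from the log.
		myerr := myerror.New("8010", "Incorrect authentication type: AuthType", s.cfg.AuthType)
		mylog.PrintfErrorInfo(myerr)
		return myerr
	}
	return nil
}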
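// SinginHandler authenticates the caller from HTTP Basic credentials and,
// when s.cfg.UseJWT is enabled, issues a JSON web token in a cookie.
//
// Flow:
//   - a missing/invalid Authorization header is answered through
//     s.processError with 401 and myerror code "8004";
//   - credentials are checked by s.checkAuthentication; a rejection is
//     answered with 401 and the error it returned;
//   - with UseJWT on, myjwt.CreateJWTCookie builds a cookie for a Claims
//     value carrying the username; a failure there is answered with 500;
//   - with UseJWT off, success produces an empty 200 body.
//
// The issued token is a bearer credential: only the cookie name and expiry
// are written to the debug log, never the cookie value.
func (s *Service) SinginHandler(w http.ResponseWriter, r *http.Request) {
	mylog.PrintfDebugMsg("START ==================================================================================")

	// Unique id of this HTTP request, used to correlate log lines.
	reqID := GetNextRequestID()

	// Read the HTTP Basic Authentication header.
	username, password, ok := r.BasicAuth()
	if !ok {
		myerr := myerror.New("8004", "Header 'Authorization' is not set: reqID", reqID)
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusUnauthorized, reqID)
		return
	}
	mylog.PrintfDebugMsg("Get Authorization header: reqID, username", reqID, username)

	// Perform the authentication.
	if myerr := s.checkAuthentication(username, password); myerr != nil {
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusUnauthorized, reqID)
		return
	}

	if !s.cfg.UseJWT {
		mylog.PrintfDebugMsg("JWT is of. Nothing to do: reqID", reqID)
		mylog.PrintfDebugMsg("SUCCESS ==================================================================================")
		return
	}

	// JSON web token mode: create the JWT claims carrying the username.
	claims := &myjwt.Claims{
		Username:       username,
		StandardClaims: jwt.StandardClaims{},
	}

	// Create a new token and hand it to the client in a cookie.
	mylog.PrintfDebugMsg("Create new JSON web token: reqID", reqID)
	cookie, myerr := myjwt.CreateJWTCookie(claims, s.cfg.JWTExpiresAt, s.cfg.JwtKey)
	if myerr != nil {
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusInternalServerError, reqID)
		return
	}
	http.SetCookie(w, cookie)

	// Do not log the whole cookie: its Value is the signed token itself, and a
	// token in the log is as good as a password.
	mylog.PrintfDebugMsg("Set HTTP Cookie: reqID, cookie name, expires", reqID, cookie.Name, cookie.Expires)

	mylog.PrintfDebugMsg("SUCCESS ==================================================================================")
}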
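// JWTRefreshHandler re-issues the JSON web token carried in the "token"
// cookie of the request.
//
// When s.cfg.UseJWT is off the handler does nothing and returns 200. When it
// is on:
//   - a request without a "token" cookie is answered through s.processError
//     with 401 and myerror code "8005";
//   - the cookie value is validated by myjwt.CheckJWT with s.cfg.JwtKey; a
//     rejection is answered with 401 and the error it returned;
//   - the claims it yields are passed to myjwt.CreateJWTCookie to build a
//     fresh cookie; a failure there is answered with 500.
//
// The token is a bearer credential: only the new cookie's name and expiry
// are written to the debug log, never its value.
func (s *Service) JWTRefreshHandler(w http.ResponseWriter, r *http.Request) {
	mylog.PrintfDebugMsg("START ==================================================================================")

	// Unique id of this HTTP request, used to correlate log lines.
	reqID := GetNextRequestID()

	if !s.cfg.UseJWT {
		mylog.PrintfDebugMsg("JWT is of. Nothing to do: reqID", reqID)
		mylog.PrintfDebugMsg("SUCCESS ==================================================================================")
		return
	}

	// JWT mode: validate the token currently held by the client.
	mylog.PrintfDebugMsg("JWT is on. Check JSON web token: reqID", reqID)

	// Read the token from the request cookies.
	oldCookie, err := r.Cookie("token")
	if err != nil {
		myerr := myerror.WithCause("8005", "JWT token does not present in Cookie. You have to authorize first.", err)
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusUnauthorized, reqID) // extended error logging in the HTTP context
		return
	}

	// Verify the JWT held in the cookie.
	claims, myerr := myjwt.CheckJWT(oldCookie.Value, s.cfg.JwtKey)
	if myerr != nil {
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusUnauthorized, reqID) // extended error logging in the HTTP context
		return
	}

	// Create a new token from the validated claims and hand it to the client.
	mylog.PrintfDebugMsg("JWT is valid. Create new JSON web token: reqID", reqID)
	newCookie, myerr := myjwt.CreateJWTCookie(claims, s.cfg.JWTExpiresAt, s.cfg.JwtKey)
	if myerr != nil {
		mylog.PrintfErrorInfo(myerr)
		s.processError(myerr, w, http.StatusInternalServerError, reqID)
		return
	}
	http.SetCookie(w, newCookie)

	// Do not log the whole cookie: its Value is the signed token itself, and a
	// token in the log is as good as a password.
	mylog.PrintfDebugMsg("Set HTTP Cookie: reqID, cookie name, expires", reqID, newCookie.Name, newCookie.Expires)

	mylog.PrintfDebugMsg("SUCCESS ==================================================================================")
}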