Semaphore/api/auth.go

package api

import (
	"database/sql"
	"fmt"
	"net/http"
	"strings"
	"time"

	"github.com/ansible-semaphore/semaphore/db"
	"github.com/ansible-semaphore/semaphore/util"
	"github.com/gorilla/context"
)

//nolint: gocyclo
func authentication(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var userID int

		if authHeader := strings.ToLower(r.Header.Get("authorization")); len(authHeader) > 0 && strings.Contains(authHeader, "bearer") {
			var token db.APIToken
			if err := db.Mysql.SelectOne(&token, "select * from user__token where id=? and expired=0", strings.Replace(authHeader, "bearer ", "", 1)); err != nil {
				if err == sql.ErrNoRows {
					w.WriteHeader(http.StatusUnauthorized)
					return
				}

				panic(err)
			}

			userID = token.UserID
		} else {
			// fetch session from cookie
			cookie, err := r.Cookie("semaphore")
			if err != nil {
				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			value := make(map[string]interface{})
			if err = util.Cookie.Decode("semaphore", cookie.Value, &value); err != nil {
				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			user, ok := value["user"]
			sessionVal, okSession := value["session"]
			if !ok || !okSession {
				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			userID = user.(int)
			sessionID := sessionVal.(int)

			// fetch session
			var session db.Session
			if err := db.Mysql.SelectOne(&session, "select * from session where id=? and user_id=? and expired=0", sessionID, userID); err != nil {
				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			if time.Since(session.LastActive).Hours() > 7*24 {
				// more than week old unused session
				// destroy.
				if _, err := db.Mysql.Exec("update session set expired=1 where id=?", sessionID); err != nil {
					panic(err)
				}

				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			if _, err := db.Mysql.Exec("update session set last_active=UTC_TIMESTAMP() where id=?", sessionID); err != nil {
				panic(err)
			}
		}

		user, err := db.FetchUser(userID)
		if err != nil {
			fmt.Println("Can't find user", err)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		context.Set(r, "user", user)
		next.ServeHTTP(w, r)
	})
}
refactoring 2016-05-24 11:55:48 +02:00			`package api`
Initial v2 work 2016-01-05 00:32:53 +01:00
			`import (`
🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`"database/sql"`
Initial v2 work 2016-01-05 00:32:53 +01:00			`"fmt"`
🎉 gin -> net/http 2017-02-23 00:21:49 +01:00			`"net/http"`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`"strings"`
Initial v2 work 2016-01-05 00:32:53 +01:00			`"time"`
Use proper github path 2016-03-16 22:49:43 +01:00
merge models -> db 2017-02-23 06:12:16 +01:00			`"github.com/ansible-semaphore/semaphore/db"`
Use proper github path 2016-03-16 22:49:43 +01:00			`"github.com/ansible-semaphore/semaphore/util"`
🎉 gin -> net/http 2017-02-23 00:21:49 +01:00			`"github.com/gorilla/context"`
Initial v2 work 2016-01-05 00:32:53 +01:00			`)`

add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`//nolint: gocyclo`
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`func authentication(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`var userID int`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`if authHeader := strings.ToLower(r.Header.Get("authorization")); len(authHeader) > 0 && strings.Contains(authHeader, "bearer") {`
			`var token db.APIToken`
			`if err := db.Mysql.SelectOne(&token, "select * from user__token where id=? and expired=0", strings.Replace(authHeader, "bearer ", "", 1)); err != nil {`
			`if err == sql.ErrNoRows {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`

			`panic(err)`
			`}`

			`userID = token.UserID`
			`} else {`
			`// fetch session from cookie`
			`cookie, err := r.Cookie("semaphore")`
			`if err != nil {`
return 401 instead of 403 on unauthorized pages 2018-10-22 09:19:33 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`return`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`}`

Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`value := make(map[string]interface{})`
			`if err = util.Cookie.Decode("semaphore", cookie.Value, &value); err != nil {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`user, ok := value["user"]`
			`sessionVal, okSession := value["session"]`
			`if !ok \|\| !okSession {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`userID = user.(int)`
			`sessionID := sessionVal.(int)`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`// fetch session`
			`var session db.Session`
			`if err := db.Mysql.SelectOne(&session, "select * from session where id=? and user_id=? and expired=0", sessionID, userID); err != nil {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`if time.Since(session.LastActive).Hours() > 7*24 {`
			`// more than week old unused session`
			`// destroy.`
			`if _, err := db.Mysql.Exec("update session set expired=1 where id=?", sessionID); err != nil {`
			`panic(err)`
			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`if _, err := db.Mysql.Exec("update session set last_active=UTC_TIMESTAMP() where id=?", sessionID); err != nil {`
🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`panic(err)`
			`}`
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`}`
Initial v2 work 2016-01-05 00:32:53 +01:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`user, err := db.FetchUser(userID)`
			`if err != nil {`
			`fmt.Println("Can't find user", err)`
return 401 instead of 403 on unauthorized pages 2018-10-22 09:19:33 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`return`
			`}`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`context.Set(r, "user", user)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`next.ServeHTTP(w, r)`
Set version on windows taskfile It doesn't otherwise build on windows since by default it's `1`: ```powershell Taskfiles versions should match. First is "2" but second is "1" ``` backup 2019-07-09 09:21:49 +02:00			`})`
Initial v2 work 2016-01-05 00:32:53 +01:00			`}`