Kiu/Semaphore
Kiu/Semaphore
1
0
Fork 0
mirror of https://github.com/semaphoreui/semaphore.git synced 2024-11-25 06:15:56 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
87fe5f70ad
Semaphore/api/auth.go
Matej Kramny 6c633fdbf2 Merge branch 'master' into develop 
# Conflicts:
#	api/auth.go
#	cli/main.go
#	db/Event.go
2017-03-06 11:34:10 -08:00

86 lines
2.0 KiB
Go
Raw Blame History

package api
import (
"database/sql"
"fmt"
"net/http"
"strings"
"time"
"github.com/ansible-semaphore/semaphore/db"
"github.com/ansible-semaphore/semaphore/util"
"github.com/gorilla/context"
)
func authentication(w http.ResponseWriter, r *http.Request) {
var userID int
if authHeader := strings.ToLower(r.Header.Get("authorization")); len(authHeader) > 0 && strings.Contains(authHeader, "bearer") {
var token db.APIToken
if err := db.Mysql.SelectOne(&token, "select * from user__token where id=? and expired=0", strings.Replace(authHeader, "bearer ", "", 1)); err != nil {
if err == sql.ErrNoRows {
w.WriteHeader(http.StatusForbidden)
return
}
panic(err)
}
userID = token.UserID
} else {
// fetch session from cookie
cookie, err := r.Cookie("semaphore")
if err != nil {
w.WriteHeader(http.StatusForbidden)
return
}
value := make(map[string]interface{})
if err = util.Cookie.Decode("semaphore", cookie.Value, &value); err != nil {
w.WriteHeader(http.StatusForbidden)
return
}
user, ok := value["user"]
sessionVal, okSession := value["session"]
if !ok || !okSession {
w.WriteHeader(http.StatusForbidden)
return
}
userID = user.(int)
sessionID := sessionVal.(int)
// fetch session
var session db.Session
if err := db.Mysql.SelectOne(&session, "select * from session where id=? and user_id=? and expired=0", sessionID, userID); err != nil {
w.WriteHeader(http.StatusForbidden)
return
}
if time.Now().Sub(session.LastActive).Hours() > 7*24 {
// more than week old unused session
// destroy.
if _, err := db.Mysql.Exec("update session set expired=1 where id=?", sessionID); err != nil {
panic(err)
}
w.WriteHeader(http.StatusForbidden)
return
}
if _, err := db.Mysql.Exec("update session set last_active=UTC_TIMESTAMP() where id=?", sessionID); err != nil {
panic(err)
}
}
user, err := db.FetchUser(userID)
if err != nil {
fmt.Println("Can't find user", err)
w.WriteHeader(http.StatusForbidden)
return
}
context.Set(r, "user", user)
}
Reference in New Issue View Git Blame Copy Permalink