We use cookies to ensure you get the best experience on our website
Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
0ct0pu5
/
moby
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: a616cf3b88
Branch-ok Tag-ek
moby
/
pkg
/
authorization
/
middleware.go

middleware.go 2.2 KB
Előzmények Nyers

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. package authorization
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"sync"
    6. 

  6. 

  7. 	"github.com/Sirupsen/logrus"
    8. 

  8. 	"golang.org/x/net/context"
    9. 

  9. )
    10. 

  10. 

  11. // Middleware uses a list of plugins to
    12. 

  12. // handle authorization in the API requests.
    13. 

  13. type Middleware struct {
    14. 

  14. 	mu      sync.Mutex
    15. 

  15. 	plugins []Plugin
    16. 

  16. }
    17. 

  17. 

  18. // NewMiddleware creates a new Middleware
    19. 

  19. // with a slice of plugins names.
    20. 

  20. func NewMiddleware(names []string) *Middleware {
    21. 

  21. 	return &Middleware{
    22. 

  22. 		plugins: newPlugins(names),
    23. 

  23. 	}
    24. 

  24. }
    25. 

  25. 

  26. // SetPlugins sets the plugin used for authorization
    27. 

  27. func (m *Middleware) SetPlugins(names []string) {
    28. 

  28. 	m.mu.Lock()
    29. 

  29. 	m.plugins = newPlugins(names)
    30. 

  30. 	m.mu.Unlock()
    31. 

  31. }
    32. 

  32. 

  33. // WrapHandler returns a new handler function wrapping the previous one in the request chain.
    34. 

  34. func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
    35. 

  35. 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
    36. 

  36. 

  37. 		m.mu.Lock()
    38. 

  38. 		plugins := m.plugins
    39. 

  39. 		m.mu.Unlock()
    40. 

  40. 		if len(plugins) == 0 {
    41. 

  41. 			return handler(ctx, w, r, vars)
    42. 

  42. 		}
    43. 

  43. 

  44. 		user := ""
    45. 

  45. 		userAuthNMethod := ""
    46. 

  46. 

  47. 		// Default authorization using existing TLS connection credentials
    48. 

  48. 		// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
    49. 

  49. 		// and ldap) will be extracted using AuthN feature, which is tracked under:
    50. 

  50. 		// https://github.com/docker/docker/pull/20883
    51. 

  51. 		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
    52. 

  52. 			user = r.TLS.PeerCertificates[0].Subject.CommonName
    53. 

  53. 			userAuthNMethod = "TLS"
    54. 

  54. 		}
    55. 

  55. 

  56. 		authCtx := NewCtx(plugins, user, userAuthNMethod, r.Method, r.RequestURI)
    57. 

  57. 

  58. 		if err := authCtx.AuthZRequest(w, r); err != nil {
    59. 

  59. 			logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
    60. 

  60. 			return err
    61. 

  61. 		}
    62. 

  62. 

  63. 		rw := NewResponseModifier(w)
    64. 

  64. 

  65. 		if err := handler(ctx, rw, r, vars); err != nil {
    66. 

  66. 			logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, err)
    67. 

  67. 			return err
    68. 

  68. 		}
    69. 

  69. 

  70. 		if err := authCtx.AuthZResponse(rw, r); err != nil {
    71. 

  71. 			logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
    72. 

  72. 			return err
    73. 

  73. 		}
    74. 

  74. 		return nil
    75. 

  75. 	}
    76. 

  76. }
    77.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5