9d7e59df36
* Change authorization header key as the use of headers starting with X- has been deprecated in RFC6648. * Update configuration.example.yaml Co-authored-by: Sebastian Serth <MrSerth@users.noreply.github.com>
37 lines
945 B
Go
37 lines
945 B
Go
package auth
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"github.com/openHPI/poseidon/internal/config"
|
|
"github.com/openHPI/poseidon/pkg/logging"
|
|
"net/http"
|
|
)
|
|
|
|
var log = logging.GetLogger("api/auth")
|
|
|
|
const TokenHeader = "Poseidon-Token"
|
|
|
|
var correctAuthenticationToken []byte
|
|
|
|
// InitializeAuthentication returns true iff the authentication is initialized successfully and can be used.
|
|
func InitializeAuthentication() bool {
|
|
token := config.Config.Server.Token
|
|
if token == "" {
|
|
return false
|
|
}
|
|
correctAuthenticationToken = []byte(token)
|
|
return true
|
|
}
|
|
|
|
func HTTPAuthenticationMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
token := r.Header.Get(TokenHeader)
|
|
if subtle.ConstantTimeCompare([]byte(token), correctAuthenticationToken) == 0 {
|
|
log.WithField("token", token).Warn("Incorrect token")
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|