| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- package middleware
- import (
- "errors"
- "strconv"
- "strings"
- "github.com/Unknwon/macaron"
- "github.com/torkelo/grafana-pro/pkg/bus"
- m "github.com/torkelo/grafana-pro/pkg/models"
- "github.com/torkelo/grafana-pro/pkg/setting"
- )
- type AuthOptions struct {
- ReqAdmin bool
- ReqSignedIn bool
- }
- func getRequestAccountId(c *Context) (int64, error) {
- accountId := c.Session.Get("accountId")
- if accountId != nil {
- return accountId.(int64), nil
- }
- // localhost render query
- urlQuery := c.Req.URL.Query()
- if len(urlQuery["render"]) > 0 {
- accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
- c.Session.Set("accountId", accId)
- accountId = accId
- }
- // check api token
- header := c.Req.Header.Get("Authorization")
- parts := strings.SplitN(header, " ", 2)
- if len(parts) == 2 || parts[0] == "Bearer" {
- token := parts[1]
- userQuery := m.GetAccountByTokenQuery{Token: token}
- if err := bus.Dispatch(&userQuery); err != nil {
- return -1, err
- }
- return userQuery.Result.Id, nil
- }
- // anonymous gues user
- if setting.Anonymous {
- return setting.AnonymousAccountId, nil
- }
- return -1, errors.New("Auth: session account id not found")
- }
- func authDenied(c *Context) {
- if c.IsApiRequest() {
- c.JsonApiErr(401, "Access denied", nil)
- }
- c.Redirect(setting.AppSubUrl + "/login")
- }
- func Auth(options *AuthOptions) macaron.Handler {
- return func(c *Context) {
- if !c.IsSignedIn && options.ReqSignedIn {
- authDenied(c)
- return
- }
- if !c.IsAdmin && options.ReqAdmin {
- authDenied(c)
- return
- }
- }
- }
|
