overby.me / core
forked from tangled.org/core
Monorepo for Tangled
fork atom
core / appview / web / middleware / auth.go
at sl/shared-stacks 67 lines 1.7 kB view raw
boltless.me appview/{service,web}: service layer
b6fe3ea8
1package middleware 2 3import ( 4 "fmt" 5 "net/http" 6 "net/url" 7 8 "tangled.org/core/appview/oauth" 9 "tangled.org/core/appview/session" 10 "tangled.org/core/log" 11) 12 13// WithSession resumes atp session from cookie, ensure it's not malformed and 14// pass the session through context 15func WithSession(o *oauth.OAuth) middlewareFunc { 16 return func(next http.Handler) http.Handler { 17 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 18 atSess, err := o.ResumeSession(r) 19 if err != nil { 20 next.ServeHTTP(w, r) 21 return 22 } 23 24 registry := o.GetAccounts(r) 25 sess := session.Session{ 26 User: &oauth.MultiAccountUser{ 27 Did: atSess.Data.AccountDID.String(), 28 Accounts: registry.Accounts, 29 }, 30 AtpClient: atSess.APIClient(), 31 } 32 ctx := session.IntoContext(r.Context(), sess) 33 next.ServeHTTP(w, r.WithContext(ctx)) 34 }) 35 } 36} 37 38// AuthMiddleware ensures the request is authorized and redirect to login page 39// when unauthorized 40func AuthMiddleware() middlewareFunc { 41 return func(next http.Handler) http.Handler { 42 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 43 ctx := r.Context() 44 l := log.FromContext(ctx) 45 46 returnURL := "/" 47 if u, err := url.Parse(r.Header.Get("Referer")); err == nil { 48 returnURL = u.RequestURI() 49 } 50 51 loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL)) 52 53 if _, ok := session.FromContext(ctx); !ok { 54 l.Debug("no session, redirecting...") 55 if r.Header.Get("HX-Request") == "true" { 56 w.Header().Set("HX-Redirect", loginURL) 57 w.WriteHeader(http.StatusOK) 58 } else { 59 http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect) 60 } 61 return 62 } 63 64 next.ServeHTTP(w, r) 65 }) 66 } 67}