grafana/pkg/middleware/auth.go

85 lines
1.6 KiB
Go
Raw Normal View History

2014-10-05 14:13:01 -05:00
package middleware
import (
"net/url"
"strings"
2015-01-14 07:25:12 -06:00
"github.com/Unknwon/macaron"
m "github.com/torkelo/grafana-pro/pkg/models"
2015-01-04 14:03:40 -06:00
"github.com/torkelo/grafana-pro/pkg/setting"
2014-10-05 14:13:01 -05:00
)
type AuthOptions struct {
ReqGrafanaAdmin bool
ReqSignedIn bool
}
func getRequestUserId(c *Context) int64 {
userId := c.Session.Get(SESS_KEY_USERID)
2014-10-05 14:13:01 -05:00
if userId != nil {
return userId.(int64)
}
2015-01-16 10:00:31 -06:00
// TODO: figure out a way to secure this
if c.Query("render") == "1" {
userId := c.QueryInt64(SESS_KEY_USERID)
c.Session.Set(SESS_KEY_USERID, userId)
return userId
2014-10-05 14:13:01 -05:00
}
return 0
}
2015-01-27 01:26:11 -06:00
func getApiKey(c *Context) string {
header := c.Req.Header.Get("Authorization")
parts := strings.SplitN(header, " ", 2)
if len(parts) == 2 || parts[0] == "Bearer" {
2015-01-27 01:26:11 -06:00
key := parts[1]
return key
2014-10-05 14:13:01 -05:00
}
return ""
2014-10-05 14:13:01 -05:00
}
func authDenied(c *Context) {
2015-01-14 07:25:12 -06:00
if c.IsApiRequest() {
c.JsonApiErr(401, "Access denied", nil)
return
2015-01-14 07:25:12 -06:00
}
2015-01-04 14:03:40 -06:00
c.Redirect(setting.AppSubUrl + "/login")
2014-10-05 14:13:01 -05:00
}
func RoleAuth(roles ...m.RoleType) macaron.Handler {
return func(c *Context) {
ok := false
for _, role := range roles {
if role == c.AccountRole {
ok = true
break
}
}
if !ok {
authDenied(c)
}
}
}
func Auth(options *AuthOptions) macaron.Handler {
return func(c *Context) {
2015-01-27 08:45:27 -06:00
if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
authDenied(c)
return
}
2015-01-27 08:45:27 -06:00
if !c.IsSignedIn && options.ReqSignedIn && !c.HasAnonymousAccess {
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
authDenied(c)
return
}
2014-10-05 14:13:01 -05:00
}
}