github
/
statping
mirror of https://github.com/statping/statping
1
0
Fork 0
Code Issues Releases Wiki Activity

api auth fix

pull/109/head untagged-4b1cd42048450a168b46
Hunter Long 2018-11-30 10:36:13 -08:00
parent 4e15799680
commit 8897f2cccb
9 changed files with 36 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
handlers/api.go
View File

@ -24,8 +24,6 @@ import (
"github.com/hunterlong/statup/types" "github.com/hunterlong/statup/types"
"github.com/hunterlong/statup/utils" "github.com/hunterlong/statup/utils"
"net/http" "net/http"
"os"
"strings"
) )
type apiResponse struct { type apiResponse struct {
@ -38,7 +36,7 @@ type apiResponse struct {
} }
func apiIndexHandler(w http.ResponseWriter, r *http.Request) { func apiIndexHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -47,7 +45,7 @@ func apiIndexHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiRenewHandler(w http.ResponseWriter, r *http.Request) { func apiRenewHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -130,23 +128,3 @@ func sendUnauthorizedJson(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
json.NewEncoder(w).Encode(output) json.NewEncoder(w).Encode(output)
} }
func isAuthorized(r *http.Request) bool {
utils.Http(r)
if os.Getenv("GO_ENV") == "test" {
return true
}
if IsAuthenticated(r) {
return true
}
var token string
tokens, ok := r.Header["Authorization"]
if ok && len(tokens) >= 1 {
token = tokens[0]
token = strings.TrimPrefix(token, "Bearer ")
}
if token == core.CoreApp.ApiSecret {
return true
}
return false
}

4
handlers/checkin.go
View File

@ -27,7 +27,7 @@ import (
) )
func apiAllCheckinsHandler(w http.ResponseWriter, r *http.Request) { func apiAllCheckinsHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -41,7 +41,7 @@ func apiAllCheckinsHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiCheckinHandler(w http.ResponseWriter, r *http.Request) { func apiCheckinHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }

14
handlers/handlers.go
View File

@ -27,6 +27,7 @@ import (
"net/http" "net/http"
"os" "os"
"reflect" "reflect"
"strings"
"time" "time"
) )
@ -70,10 +71,19 @@ func IsAuthenticated(r *http.Request) bool {
return true return true
} }
if core.CoreApp == nil { if core.CoreApp == nil {
return false return true
} }
if sessionStore == nil { if sessionStore == nil {
return false return true
}
var token string
tokens, ok := r.Header["Authorization"]
if ok && len(tokens) >= 1 {
token = tokens[0]
token = strings.TrimPrefix(token, "Bearer ")
if token == core.CoreApp.ApiSecret {
return true
}
} }
session, err := sessionStore.Get(r, cookieKey) session, err := sessionStore.Get(r, cookieKey)
if err != nil { if err != nil {

10
handlers/messages.go
View File

@ -50,7 +50,7 @@ func viewMessageHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiAllMessagesHandler(w http.ResponseWriter, r *http.Request) { func apiAllMessagesHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -64,7 +64,7 @@ func apiAllMessagesHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiMessageCreateHandler(w http.ResponseWriter, r *http.Request) { func apiMessageCreateHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -85,7 +85,7 @@ func apiMessageCreateHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiMessageGetHandler(w http.ResponseWriter, r *http.Request) { func apiMessageGetHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -100,7 +100,7 @@ func apiMessageGetHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiMessageDeleteHandler(w http.ResponseWriter, r *http.Request) { func apiMessageDeleteHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -119,7 +119,7 @@ func apiMessageDeleteHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiMessageUpdateHandler(w http.ResponseWriter, r *http.Request) { func apiMessageUpdateHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }

6
handlers/notifications.go
View File

@ -27,7 +27,7 @@ import (
) )
func apiNotifiersHandler(w http.ResponseWriter, r *http.Request) { func apiNotifiersHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -41,7 +41,7 @@ func apiNotifiersHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiNotifierGetHandler(w http.ResponseWriter, r *http.Request) { func apiNotifierGetHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -56,7 +56,7 @@ func apiNotifierGetHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiNotifierUpdateHandler(w http.ResponseWriter, r *http.Request) { func apiNotifierUpdateHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }

2
handlers/plugins.go
View File

@ -27,7 +27,7 @@ type PluginSelect struct {
} }
func pluginSavedHandler(w http.ResponseWriter, r *http.Request) { func pluginSavedHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
http.Redirect(w, r, "/", http.StatusSeeOther) http.Redirect(w, r, "/", http.StatusSeeOther)
return return
} }

2
handlers/prometheus.go
View File

@ -33,7 +33,7 @@ import (
// //
func prometheusHandler(w http.ResponseWriter, r *http.Request) { func prometheusHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
http.Redirect(w, r, "/", http.StatusSeeOther) http.Redirect(w, r, "/", http.StatusSeeOther)
return return
} }

10
handlers/services.go
View File

@ -119,7 +119,7 @@ func servicesViewHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiServiceHandler(w http.ResponseWriter, r *http.Request) { func apiServiceHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -135,7 +135,7 @@ func apiServiceHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiCreateServiceHandler(w http.ResponseWriter, r *http.Request) { func apiCreateServiceHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -156,7 +156,7 @@ func apiCreateServiceHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiServiceUpdateHandler(w http.ResponseWriter, r *http.Request) { func apiServiceUpdateHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -220,7 +220,7 @@ func apiServicePingDataHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiServiceDeleteHandler(w http.ResponseWriter, r *http.Request) { func apiServiceDeleteHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -239,7 +239,7 @@ func apiServiceDeleteHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiAllServicesHandler(w http.ResponseWriter, r *http.Request) { func apiAllServicesHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }

10
handlers/users.go
View File

@ -48,7 +48,7 @@ func usersEditHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiUserHandler(w http.ResponseWriter, r *http.Request) { func apiUserHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -64,7 +64,7 @@ func apiUserHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiUserUpdateHandler(w http.ResponseWriter, r *http.Request) { func apiUserUpdateHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -88,7 +88,7 @@ func apiUserUpdateHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiUserDeleteHandler(w http.ResponseWriter, r *http.Request) { func apiUserDeleteHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -112,7 +112,7 @@ func apiUserDeleteHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiAllUsersHandler(w http.ResponseWriter, r *http.Request) { func apiAllUsersHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }
@ -126,7 +126,7 @@ func apiAllUsersHandler(w http.ResponseWriter, r *http.Request) {
} }
func apiCreateUsersHandler(w http.ResponseWriter, r *http.Request) { func apiCreateUsersHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthorized(r) { if !IsAuthenticated(r) {
sendUnauthorizedJson(w, r) sendUnauthorizedJson(w, r)
return return
} }