certificates/authority/admin/api/middleware.go

package api

import (
	"context"
	"net/http"

	"github.com/smallstep/certificates/api/render"
	"github.com/smallstep/certificates/authority/admin"
)

type nextHTTP = func(http.ResponseWriter, *http.Request)

// requireAPIEnabled is a middleware that ensures the Administration API
// is enabled before servicing requests.
func requireAPIEnabled(next nextHTTP) nextHTTP {
	return func(w http.ResponseWriter, r *http.Request) {
		if !mustAuthority(r.Context()).IsAdminAPIEnabled() {
			render.Error(w, admin.NewError(admin.ErrorNotImplementedType, "administration API not enabled"))
			return
		}
		next(w, r)
	}
}

// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.
func extractAuthorizeTokenAdmin(next nextHTTP) nextHTTP {
	return func(w http.ResponseWriter, r *http.Request) {
		tok := r.Header.Get("Authorization")
		if tok == "" {
			render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,
				"missing authorization header token"))
			return
		}

		ctx := r.Context()
		adm, err := mustAuthority(ctx).AuthorizeAdminToken(r, tok)
		if err != nil {
			render.Error(w, err)
			return
		}

		ctx = context.WithValue(ctx, adminContextKey, adm)
		next(w, r.WithContext(ctx))
	}
}

// ContextKey is the key type for storing and searching for ACME request
// essentials in the context of a request.
type ContextKey string

const (
	// adminContextKey account key
	adminContextKey = ContextKey("admin")
)
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`package api`

			`import (`
			`"context"`
			`"net/http"`

api/render, api/log: initial implementation of the packages (#860) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package 2022-03-30 08:22:22 +00:00			`"github.com/smallstep/certificates/api/render"`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`"github.com/smallstep/certificates/authority/admin"`
			`)`

			`type nextHTTP = func(http.ResponseWriter, *http.Request)`

			`// requireAPIEnabled is a middleware that ensures the Administration API`
			`// is enabled before servicing requests.`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`func requireAPIEnabled(next nextHTTP) nextHTTP {`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`if !mustAuthority(r.Context()).IsAdminAPIEnabled() {`
			`render.Error(w, admin.NewError(admin.ErrorNotImplementedType, "administration API not enabled"))`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`return`
			`}`
			`next(w, r)`
			`}`
			`}`

			`// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`func extractAuthorizeTokenAdmin(next nextHTTP) nextHTTP {`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`tok := r.Header.Get("Authorization")`
Introduce gocritic linter and address warnings 2021-10-08 18:59:57 +00:00			`if tok == "" {`
api/render, api/log: initial implementation of the packages (#860) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package 2022-03-30 08:22:22 +00:00			`render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`"missing authorization header token"))`
			`return`
			`}`

Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`ctx := r.Context()`
			`adm, err := mustAuthority(ctx).AuthorizeAdminToken(r, tok)`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`if err != nil {`
api/render, api/log: initial implementation of the packages (#860) * api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package 2022-03-30 08:22:22 +00:00			`render.Error(w, err)`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`return`
			`}`

Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`ctx = context.WithValue(ctx, adminContextKey, adm)`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`next(w, r.WithContext(ctx))`
			`}`
			`}`

			`// ContextKey is the key type for storing and searching for ACME request`
			`// essentials in the context of a request.`
			`type ContextKey string`

			`const (`
			`// adminContextKey account key`
			`adminContextKey = ContextKey("admin")`
			`)`