package api import ( "context" "net/http" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors" "github.com/gorilla/mux" "go.uber.org/zap" ) // KeyWrapper is wrapper for context keys. type KeyWrapper string // AuthHeaders is a wrapper for authentication headers of a request. var AuthHeaders = KeyWrapper("__context_auth_headers_key") // BoxData is an ID used to store accessbox.Box in a context. var BoxData = KeyWrapper("__context_box_key") // ClientTime is an ID used to store client time.Time in a context. var ClientTime = KeyWrapper("__context_client_time") // AuthMiddleware adds user authentication via center to router using log for logging. func AuthMiddleware(log *zap.Logger, center auth.Center) mux.MiddlewareFunc { return func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() box, err := center.Authenticate(r) if err != nil { if err == auth.ErrNoAuthorizationHeader { reqLogOrDefault(ctx, log).Debug("couldn't receive access box for gate key, random key will be used") } else { reqLogOrDefault(ctx, log).Error("failed to pass authentication", zap.Error(err)) if _, ok := err.(errors.Error); !ok { err = errors.GetAPIError(errors.ErrAccessDenied) } WriteErrorResponse(w, GetReqInfo(r.Context()), err) return } } else { ctx = context.WithValue(ctx, BoxData, box.AccessBox) if !box.ClientTime.IsZero() { ctx = context.WithValue(ctx, ClientTime, box.ClientTime) } ctx = context.WithValue(ctx, AuthHeaders, box.AuthHeaders) } h.ServeHTTP(w, r.WithContext(ctx)) }) } } func reqLogOrDefault(ctx context.Context, log *zap.Logger) *zap.Logger { reqLog := GetReqLog(ctx) if reqLog != nil { return reqLog } return log }