forked from TrueCloudLab/frostfs-s3-gw
38 lines
1.1 KiB
Go
38 lines
1.1 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
func Auth(center auth.Center, log *zap.Logger) Func {
|
|
return func(h http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
box, err := center.Authenticate(r)
|
|
if err != nil {
|
|
if err == auth.ErrNoAuthorizationHeader {
|
|
reqLogOrDefault(ctx, log).Debug("couldn't receive access box for gate key, random key will be used")
|
|
} else {
|
|
reqLogOrDefault(ctx, log).Error("failed to pass authentication", zap.Error(err))
|
|
if _, ok := err.(errors.Error); !ok {
|
|
err = errors.GetAPIError(errors.ErrAccessDenied)
|
|
}
|
|
WriteErrorResponse(w, GetReqInfo(r.Context()), err)
|
|
return
|
|
}
|
|
} else {
|
|
ctx = SetBoxData(ctx, box.AccessBox)
|
|
if !box.ClientTime.IsZero() {
|
|
ctx = SetClientTime(ctx, box.ClientTime)
|
|
}
|
|
ctx = SetAuthHeaders(ctx, box.AuthHeaders)
|
|
}
|
|
|
|
h.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|
|
}
|