-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth_file.go
94 lines (85 loc) · 2.39 KB
/
auth_file.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package main
import (
"errors"
"net/http"
"os"
"regexp"
"strconv"
)
func init() {
addAuthMethod("File", func(check string, roles []string) (Authenticator, error) {
return newFileAuthenticator(check, roles)
})
}
type FileAuthenticator struct {
PathTemplate string
NoFile bool
FilePath string
PathRe *regexp.Regexp
roles []string
}
var ErrNoSubgroups = errors.New("no subgroup references")
func newFileAuthenticator(check string, roles []string) (fa *FileAuthenticator, err error) {
fa = &FileAuthenticator{roles: roles}
options, check := parseCurlyParams(check)
var haveOpt bool
if fa.PathTemplate, haveOpt = options["re-path"]; haveOpt {
fa.PathRe, err = regexp.Compile(check)
if err != nil {
logf(nil, logLevelFatal, "Cannot compile %#v as regular expression: ", err)
return nil, err
}
if !subgroupMatchRe.MatchString(fa.PathTemplate) {
logf(nil, logLevelFatal, "re-path option does not contain any $<nr> subgroup references")
return nil, ErrNoSubgroups
}
} else {
fa.FilePath = check
}
if nfStr, haveOpt := options["nofile"]; haveOpt {
if fa.NoFile, err = strconv.ParseBool(nfStr); err != nil {
logf(nil, logLevelFatal, "nofile parameter is not boolean")
return
}
}
return fa, nil
}
func (fa *FileAuthenticator) hasRequestedRoles(rolesToCheck map[string]interface{}) bool {
for _, role := range fa.roles {
if _, inRequested := rolesToCheck[role]; inRequested {
return true
}
}
return false
}
func (fa *FileAuthenticator) GetRoles(req *http.Request, rolesToCheck map[string]interface{}) (roles []string, err error) {
roles = make([]string, 0)
if rolesToCheck != nil && !fa.hasRequestedRoles(rolesToCheck) {
return
}
filePath := fa.FilePath
if fa.PathRe != nil {
match := fa.PathRe.FindStringSubmatch(req.URL.Path)
if match == nil {
return
}
grpNumErr := 0
filePath = subgroupMatchRe.ReplaceAllStringFunc(fa.PathTemplate, func(s string) string {
grp, _ := strconv.ParseInt(s[1:], 10, 0)
if int(grp) >= len(match) {
grpNumErr = int(grp)
return s
}
return match[grp]
})
if grpNumErr > 0 {
logf(req, logLevelError, "Filepath ACL regexp match %#v for %#v does not enough groups: %#v", match, roles, grpNumErr)
return
}
}
_, statErr := os.Stat(filePath)
if (statErr == nil && !fa.NoFile) || (fa.NoFile && statErr != nil && os.IsNotExist(statErr)) {
roles = append(roles, fa.roles...)
}
return
}