patchman/server/api/endpointAuth.go

39 lines
1.1 KiB
Go
Raw Permalink Normal View History

package api
import (
"git.jmbit.de/jmb/patchman/server/database"
2023-10-26 18:31:57 +02:00
"git.jmbit.de/jmb/patchman/server/utils"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
"net/http"
)
// Handles Auth for the Endpoint route group.
// takes the full paths for URLs to bypass as an argument
func endpointAuth(bypass []string) gin.HandlerFunc {
var endpoint database.Endpoint
var err error
return func(c *gin.Context) {
// Check if URL is in Bypass list. Be careful with those!
for _, url := range bypass {
if c.FullPath() == url {
c.Next()
}
}
endpoint.ID, err = uuid.Parse(c.Request.Header["x-patchman-id"][0])
2023-10-26 18:31:57 +02:00
utils.HandleError(err, http.StatusBadRequest, "Could not parse Endpoint ID", c)
secret := c.Request.Header["x-patchman-secret"][0]
// Get corresponding Endpoint
result := database.DB.First(&endpoint)
2023-10-26 18:31:57 +02:00
utils.HandleError(result.Error, http.StatusBadRequest, "Could not find UUID", c)
// Compare Secret with hash
err = bcrypt.CompareHashAndPassword([]byte(endpoint.SecretHash), []byte(secret))
2023-10-26 18:31:57 +02:00
utils.HandleError(err, http.StatusUnauthorized, "Authentication failed", c)
}
}