package api
import (
"git.jmbit.de/jmb/patchman/server/database"
"git.jmbit.de/jmb/patchman/server/utils"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
"net/http"
)
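// endpointAuth returns the authentication middleware for the Endpoint route
// group. bypass lists the full route paths (as reported by c.FullPath) that
// skip authentication entirely; every entry is an unauthenticated route, so
// keep the list as short as possible.
//
// Every other request must carry the endpoint UUID in the x-patchman-id header
// and the endpoint secret in the x-patchman-secret header. The secret is
// compared against the bcrypt hash stored for that endpoint. On any failure
// the error is reported through utils.HandleError, the handler chain is
// aborted and the function returns, so protected handlers never run.
func endpointAuth(bypass []string) gin.HandlerFunc {
	return func(c *gin.Context) {
		// reject reports the failure and guarantees the chain stops.
		// utils.HandleError is defined outside this file; if it has not
		// already aborted the request, abort here with the same status so a
		// failed check can never fall through to the protected handlers.
		reject := func(err error, status int, msg string) {
			utils.HandleError(err, status, msg, c)
			if !c.IsAborted() {
				c.AbortWithStatus(status)
			}
		}

		// Bypassed routes go straight to the remaining handlers. The return
		// is essential: without it the credential checks below would still
		// run after c.Next() comes back.
		for _, url := range bypass {
			if c.FullPath() == url {
				c.Next()
				return
			}
		}

		// Per-request state. Declaring this outside the closure would share
		// one Endpoint between all concurrent requests (a data race, and one
		// request's record could leak into another's check).
		var endpoint database.Endpoint

		// GetHeader matches the header name case-insensitively and returns ""
		// when it is absent. Indexing c.Request.Header with a lowercase key
		// misses the canonicalised entry and panics on the [0] access.
		id, err := uuid.Parse(c.GetHeader("x-patchman-id"))
		if err != nil {
			reject(err, http.StatusBadRequest, "Could not parse Endpoint ID")
			return
		}
		if id == uuid.Nil {
			// NOTE(review): database.DB looks like a GORM handle; if so, First
			// with a zero-valued ID would apply no ID filter and load an
			// arbitrary endpoint. Refuse the all-zero UUID up front — confirm.
			c.AbortWithStatus(http.StatusBadRequest)
			return
		}
		endpoint.ID = id

		secret := c.GetHeader("x-patchman-secret")

		// Get corresponding Endpoint.
		// NOTE(review): an unknown ID answers 400 while a wrong secret answers
		// 401, which lets a caller tell valid endpoint IDs apart; consider a
		// single 401 for both.
		if result := database.DB.First(&endpoint); result.Error != nil {
			reject(result.Error, http.StatusBadRequest, "Could not find UUID")
			return
		}

		// Compare the presented secret with the stored bcrypt hash. An empty
		// or missing secret fails here like any other wrong secret.
		if err := bcrypt.CompareHashAndPassword([]byte(endpoint.SecretHash), []byte(secret)); err != nil {
			reject(err, http.StatusUnauthorized, "Authentication failed")
			return
		}
	}
}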