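package api

import (
	"net/http"

	"git.jmbit.de/jmb/patchman/server/database"
	"git.jmbit.de/jmb/patchman/server/utils"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	"golang.org/x/crypto/bcrypt"
)

// endpointAuth returns the middleware that authenticates requests to the
// Endpoint route group.
//
// bypass lists the full route paths (as reported by c.FullPath) that skip
// authentication entirely. Keep this list as short as possible: every entry
// is reachable without credentials.
//
// All other requests must carry the endpoint's UUID in the x-patchman-id
// header and its secret in the x-patchman-secret header. The secret is
// checked against the bcrypt hash stored for that endpoint. Any failure
// aborts the handler chain, so later handlers never run for an
// unauthenticated request.
func endpointAuth(bypass []string) gin.HandlerFunc {
	return func(c *gin.Context) {
		// Routes on the bypass list are passed through untouched. The return
		// matters: without it the credential checks below would still run
		// after the downstream handlers had already produced a response.
		for _, path := range bypass {
			if c.FullPath() == path {
				c.Next()
				return
			}
		}

		// Per-request state. Declaring this outside the closure would share
		// one Endpoint between all concurrent requests, letting one request's
		// ID or hash be overwritten by another mid-check.
		var endpoint database.Endpoint

		// GetHeader canonicalises the header name and returns "" when the
		// header is absent. Indexing c.Request.Header with a lower-case key
		// finds nothing (net/http stores canonical keys) and [0] on the
		// missing entry panics.
		id, err := uuid.Parse(c.GetHeader("x-patchman-id"))
		utils.HandleError(err, http.StatusBadRequest, "Could not parse Endpoint ID", c)
		if err != nil {
			// utils.HandleError is not visible from this file, so do not rely
			// on it to stop the chain: abort explicitly and fail closed.
			c.Abort()
			return
		}
		if id == uuid.Nil {
			// NOTE(review): database.DB looks like a GORM handle; there, a
			// zero primary key is not used as a lookup condition, so First
			// would return an arbitrary row. Reject the nil UUID up front.
			// Confirm against the database package.
			c.AbortWithStatus(http.StatusBadRequest)
			return
		}
		endpoint.ID = id

		// Look up the endpoint by the ID that was just set on the struct.
		result := database.DB.First(&endpoint)
		utils.HandleError(result.Error, http.StatusBadRequest, "Could not find UUID", c)
		if result.Error != nil {
			c.Abort()
			return
		}

		// A missing secret header yields "" and is left to the bcrypt
		// comparison to reject.
		// NOTE(review): unknown IDs answer 400 while wrong secrets answer 401,
		// which lets a caller tell whether an endpoint ID exists. Consider a
		// uniform 401 if clients do not depend on the distinction.
		secret := c.GetHeader("x-patchman-secret")
		err = bcrypt.CompareHashAndPassword([]byte(endpoint.SecretHash), []byte(secret))
		utils.HandleError(err, http.StatusUnauthorized, "Authentication failed", c)
		if err != nil {
			c.Abort()
			return
		}
	}
}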