Move middleware to interfaces.
This makes separating middlewares from the core api easier. As an example, the authorization middleware is moved to it's own package. Initialize all static middlewares when the server is created, reducing allocations every time a route is wrapper with the middlewares. Signed-off-by: David Calavera <david.calavera@gmail.com>
This commit is contained in:
David Calavera
parent
f1b04a89ef
commit
08569840c7
1 changed files with 60 additions and 0 deletions
60
authorization/middleware.go
Normal file
60
authorization/middleware.go
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
package authorization
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
// Middleware uses a list of plugins to
|
||||
// handle authorization in the API requests.
|
||||
type Middleware struct {
|
||||
plugins []Plugin
|
||||
}
|
||||
|
||||
// NewMiddleware creates a new Middleware
|
||||
// with a slice of plugins.
|
||||
func NewMiddleware(p []Plugin) Middleware {
|
||||
return Middleware{
|
||||
plugins: p,
|
||||
}
|
||||
}
|
||||
|
||||
// WrapHandler returns a new handler function wrapping the previous one in the request chain.
|
||||
func (m Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
|
||||
user := ""
|
||||
userAuthNMethod := ""
|
||||
|
||||
// Default authorization using existing TLS connection credentials
|
||||
// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
|
||||
// and ldap) will be extracted using AuthN feature, which is tracked under:
|
||||
// https://github.com/docker/docker/pull/20883
|
||||
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
|
||||
user = r.TLS.PeerCertificates[0].Subject.CommonName
|
||||
userAuthNMethod = "TLS"
|
||||
}
|
||||
|
||||
authCtx := NewCtx(m.plugins, user, userAuthNMethod, r.Method, r.RequestURI)
|
||||
|
||||
if err := authCtx.AuthZRequest(w, r); err != nil {
|
||||
logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
|
||||
rw := NewResponseModifier(w)
|
||||
|
||||
if err := handler(ctx, rw, r, vars); err != nil {
|
||||
logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := authCtx.AuthZResponse(rw, r); err != nil {
|
||||
logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue