Merge pull request #21897 from calavera/remove_authorization_refs_from_api
Move middleware to interfaces.
This commit is contained in:
Alexander Morozov
commit
ee13b8919d
1 changed files with 60 additions and 0 deletions
60
authorization/middleware.go
Normal file
60
authorization/middleware.go
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
package authorization
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
// Middleware uses a list of plugins to
|
||||
// handle authorization in the API requests.
|
||||
type Middleware struct {
|
||||
plugins []Plugin
|
||||
}
|
||||
|
||||
// NewMiddleware creates a new Middleware
|
||||
// with a slice of plugins.
|
||||
func NewMiddleware(p []Plugin) Middleware {
|
||||
return Middleware{
|
||||
plugins: p,
|
||||
}
|
||||
}
|
||||
|
||||
// WrapHandler returns a new handler function wrapping the previous one in the request chain.
|
||||
func (m Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
||||
|
||||
user := ""
|
||||
userAuthNMethod := ""
|
||||
|
||||
// Default authorization using existing TLS connection credentials
|
||||
// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
|
||||
// and ldap) will be extracted using AuthN feature, which is tracked under:
|
||||
// https://github.com/docker/docker/pull/20883
|
||||
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
|
||||
user = r.TLS.PeerCertificates[0].Subject.CommonName
|
||||
userAuthNMethod = "TLS"
|
||||
}
|
||||
|
||||
authCtx := NewCtx(m.plugins, user, userAuthNMethod, r.Method, r.RequestURI)
|
||||
|
||||
if err := authCtx.AuthZRequest(w, r); err != nil {
|
||||
logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
|
||||
rw := NewResponseModifier(w)
|
||||
|
||||
if err := handler(ctx, rw, r, vars); err != nil {
|
||||
logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := authCtx.AuthZResponse(rw, r); err != nil {
|
||||
logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue