author | Till <2353100+S7evinK@users.noreply.github.com> | 2024-08-16 12:37:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-16 12:37:59 +0200 |
commit | 7a4ef240fc8ec97ba957933de3a80e611ad7d1f5 (patch) | |
tree | c8946995640907a3ea6e64a8a0509a23b696c69e /internal | |
parent | 8c6cf51b8f6dd0f34ecc0f0b38d5475e2055a297 (diff) |
Implement MSC3916 (#3397)
Needs https://github.com/matrix-org/gomatrixserverlib/pull/437
Diffstat (limited to 'internal')
-rw-r--r-- | internal/httputil/httpapi.go | 32 | ||||
-rw-r--r-- | internal/sqlutil/sqlutil_test.go | 2 |
2 files changed, 31 insertions, 3 deletions
diff --git a/internal/httputil/httpapi.go b/internal/httputil/httpapi.go
index c78aadf8..0559fbb7 100644
--- a/internal/httputil/httpapi.go
+++ b/internal/httputil/httpapi.go
@@ -15,6 +15,7 @@
 package httputil
 import (
+ "encoding/json"
 "fmt"
 "io"
 "net/http"
@@ -44,6 +45,7 @@ type BasicAuth struct {
 type AuthAPIOpts struct {
 GuestAccessAllowed bool
+ WithAuth bool
 }
 // AuthAPIOption is an option to MakeAuthAPI to add additional checks (e.g. guest access) to verify
@@ -57,6 +59,13 @@ func WithAllowGuests() AuthAPIOption {
 }
 }
+// WithAuth is an option to MakeHTTPAPI to add authentication.
+func WithAuth() AuthAPIOption {
+ return func(opts *AuthAPIOpts) {
+ opts.WithAuth = true
+ }
+}
+
 // MakeAuthAPI turns a util.JSONRequestHandler function into an http.Handler which authenticates the request.
 func MakeAuthAPI(
 metricsName string, userAPI userapi.QueryAcccessTokenAPI,
@@ -197,13 +206,32 @@ func MakeExternalAPI(metricsName string, f func(*http.Request) util.JSONResponse
 return http.HandlerFunc(withSpan)
 }
-// MakeHTMLAPI adds Span metrics to the HTML Handler function
+// MakeHTTPAPI adds Span metrics to the HTML Handler function
 // This is used to serve HTML alongside JSON error messages
-func MakeHTMLAPI(metricsName string, enableMetrics bool, f func(http.ResponseWriter, *http.Request)) http.Handler {
+func MakeHTTPAPI(metricsName string, userAPI userapi.QueryAcccessTokenAPI, enableMetrics bool, f func(http.ResponseWriter, *http.Request), checks ...AuthAPIOption) http.Handler {
 withSpan := func(w http.ResponseWriter, req *http.Request) {
 trace, ctx := internal.StartTask(req.Context(), metricsName)
 defer trace.EndTask()
 req = req.WithContext(ctx)
+
+ // apply additional checks, if any
+ opts := AuthAPIOpts{}
+ for _, opt := range checks {
+ opt(&opts)
+ }
+
+ if opts.WithAuth {
+ logger := util.GetLogger(req.Context())
+ _, jsonErr := auth.VerifyUserFromRequest(req, userAPI)
+ if jsonErr != nil {
+ w.WriteHeader(jsonErr.Code)
+ if err := json.NewEncoder(w).Encode(jsonErr.JSON); err != nil {
+ logger.WithError(err).Error("failed to encode JSON response")
+ }
+ return
+ }
+ }
+
 f(w, req)
 }
diff --git a/internal/sqlutil/sqlutil_test.go b/internal/sqlutil/sqlutil_test.go
index c4075789..93b84aa2 100644
--- a/internal/sqlutil/sqlutil_test.go
+++ b/internal/sqlutil/sqlutil_test.go
@@ -218,5 +218,5 @@ func assertNoError(t *testing.T, err error, msg string) {
 if err == nil {
 return
 }
- t.Fatalf(msg)
+ t.Fatal(msg)
 } |
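Review bot: In `MakeHTTPAPI` in internal/httputil/httpapi.go, the `if opts.WithAuth` branch discards the device returned by `auth.VerifyUserFromRequest` and never reads `opts.GuestAccessAllowed`, so `WithAllowGuests()` has no effect on these routes and any token the verifier accepts reaches `f`. Because `AuthAPIOpts` is shared with `MakeAuthAPI`, a caller may reasonably expect guests to be refused by default; either enforce the flag here or say in the doc comment that it is ignored. The comment should also record that authentication is opt-in, e.g. `// MakeHTTPAPI adds span metrics to a raw HTTP handler; the request is authenticated only when WithAuth() is passed.`, since a route registered without that option is served unauthenticated even though `userAPI` is supplied. On the rejection path the JSON error is written without a content type, so add `w.Header().Set("Content-Type", "application/json")` before `w.WriteHeader(jsonErr.Code)`. The function continues past the end of the hunk.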