-rw-r--r-- | pkg/ext/auth.go | 29 | ||||
-rw-r--r-- | pkg/handler/git/handler.go | 13 | ||||
-rw-r--r-- | pkg/handler/router.go | 1 | ||||
-rw-r--r-- | pkg/u/list.go | 14 |
4 files changed, 55 insertions, 2 deletions
diff --git a/pkg/ext/auth.go b/pkg/ext/auth.go index 304f4ad..5c3070e 100644 --- a/pkg/ext/auth.go +++ b/pkg/ext/auth.go @@ -6,6 +6,8 @@ import ( "errors" "log/slog" "net/http" + + serverconfig "git.gabrielgio.me/cerrado/pkg/config" ) type authService interface { @@ -20,6 +22,25 @@ func DisableAuthentication(next http.HandlerFunc) http.HandlerFunc { } } +func VerifyRespository( + config *serverconfig.ConfigurationRepository, +) func(next http.HandlerFunc) http.HandlerFunc { + return func(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + name := r.PathValue("name") + if name != "" { + repo := config.GetByName(name) + if repo != nil && !repo.Public && !IsLoggedIn(r.Context()) { + NotFound(w, r) + return + } + } + + next(w, r) + } + } +} + func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc { return func(next http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { @@ -28,6 +49,7 @@ func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc if !errors.Is(err, http.ErrNoCookie) { slog.Error("Error loading cookie", "error", err) } + next(w, r) return } @@ -47,10 +69,15 @@ func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc } ctx := r.Context() - ctx = context.WithValue(ctx, "logged", true) + ctx = context.WithValue(ctx, "logged", valid) slog.Info("Validated token", "valid?", valid) next(w, r.WithContext(ctx)) } } } + +func IsLoggedIn(ctx context.Context) bool { + t, ok := ctx.Value("logged").(bool) + return ok && t +} diff --git a/pkg/handler/git/handler.go b/pkg/handler/git/handler.go index 4276159..6225b1a 100644 --- a/pkg/handler/git/handler.go +++ b/pkg/handler/git/handler.go 
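Review bot: In `VerifyRespository` the private-repository check fails open when `config.GetByName(name)` returns nil, because `next` is then called with no visibility decision made. That is safe only if every repository reachable through the `name` path value is known to `GetByName` under exactly that spelling, which this hunk does not show. If `name` is only ever a repository name on the wrapped routes, consider rejecting the miss too, `if repo == nil || (!repo.Public && !IsLoggedIn(r.Context())) {`, or add a comment saying why a miss is harmless. The exported name is misspelled (`VerifyRespository` for `VerifyRepository`) and has no doc comment; `// VerifyRepository answers 404 for a non-public repository unless the request is authenticated.` would record that the 404 is deliberate.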
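Review bot: The login flag is stored under the plain string key `"logged"` in `context.WithValue` and read back the same way in `IsLoggedIn`, so any other code that writes that string into the request context can set or shadow the value the access check depends on. staticcheck also reports built-in types used as context keys. An unexported key type closes this: `type loggedKey struct{}`, then `context.WithValue(ctx, loggedKey{}, valid)` and `ctx.Value(loggedKey{}).(bool)`. `IsLoggedIn` is exported and should carry a doc comment stating that it returns false when no flag is present in the context, since callers treat false as anonymous. Authenticate's body begins outside the hunk.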
@@ -13,6 +13,7 @@ import ( "git.gabrielgio.me/cerrado/pkg/ext" "git.gabrielgio.me/cerrado/pkg/service" + "git.gabrielgio.me/cerrado/pkg/u" "git.gabrielgio.me/cerrado/templates" "github.com/alecthomas/chroma/v2" "github.com/alecthomas/chroma/v2/formatters/html" @@ -44,11 +45,19 @@ func NewGitHandler(gitService *service.GitService, confRepo configurationReposit } func (g *GitHandler) List(w http.ResponseWriter, r *http.Request) error { + // this is the only handler that needs to handle authentication itself. + // everything else relay on name path parameter + logged := ext.IsLoggedIn(r.Context()) + repos, err := g.gitService.ListRepositories() if err != nil { return err } + if !logged { + repos = u.Filter(repos, isPublic) + } + f, err := os.Open(g.config.GetRootReadme()) if err != nil { return err @@ -375,3 +384,7 @@ func GetLexers(filename string) chroma.Lexer { } return lexer } + +func isPublic(r *service.Repository) bool { + return r.Public +} diff --git a/pkg/handler/router.go b/pkg/handler/router.go index 82ee8fd..8d27b74 100644 --- a/pkg/handler/router.go +++ b/pkg/handler/router.go @@ -34,6 +34,7 @@ func MountHandler( mux := ext.NewRouter() mux.AddMiddleware(ext.Compress) mux.AddMiddleware(ext.Log) + mux.AddMiddleware(ext.VerifyRespository(configRepo)) if configRepo.IsAuthEnabled() { mux.AddMiddleware(ext.Authenticate(authService)) diff --git a/pkg/u/list.go b/pkg/u/list.go index 39d7b11..835ecd2 100644 --- a/pkg/u/list.go +++ b/pkg/u/list.go @@ -1,5 +1,17 @@ package u +func Filter[T any](v []T, f func(T) bool) []T { + var result []T + + for _, s := range v { + if f(s) { + result = append(result, s) + } + } + + return result +} + func First[T any](v []T) (T, bool) { if len(v) == 0 { var zero T 
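Review bot: The new comment in `List` says every other handler relies on the `name` path parameter for its visibility check, but nothing enforces that. A handler added later that enumerates repositories, or takes the repository from a query parameter or a differently named path value, would serve non-public repositories to anonymous requests. The comment should state the obligation, for example `// Any handler that lists repositories or does not route on {name} must filter on ext.IsLoggedIn itself.`, and "relay" should read "rely". `isPublic` at the end of the file dereferences `r` without a nil check, which is fine only if `ListRepositories` never returns nil entries; that is not visible here. List's body continues outside the hunk.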
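Review bot: `ext.VerifyRespository` is registered before `ext.Authenticate` yet reads the flag that `Authenticate` writes into the request context, so the check is correct only if the router runs later-registered middleware first; `AddMiddleware`'s ordering is not visible in this hunk. If middleware runs in registration order, `IsLoggedIn` is always false inside the check and non-public repositories return 404 even to logged-in users. A comment at the call such as `// must execute after Authenticate: reads the login flag from the request context` would pin the dependency, and a test requesting a non-public repository with and without a valid cookie would catch a reordering. When `IsAuthEnabled()` is false, nothing in this hunk sets the flag, so non-public repositories appear to become unreachable for everyone; if that is intended it is worth stating. MountHandler's body continues outside the hunk.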
@@ -25,7 +37,7 @@ func LastOrZero[T any](v []T) T { } func ChunkBy[T any](items []T, chunkSize int) [][]T { - var chunks = make([][]T, 0, (len(items)/chunkSize)+1) + chunks := make([][]T, 0, (len(items)/chunkSize)+1) for chunkSize < len(items) { items, chunks = items[chunkSize:], append(chunks, items[0:chunkSize:chunkSize]) } |