aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/ext/auth.go29
-rw-r--r--pkg/handler/git/handler.go13
-rw-r--r--pkg/handler/router.go1
-rw-r--r--pkg/u/list.go14
4 files changed, 55 insertions, 2 deletions
diff --git a/pkg/ext/auth.go b/pkg/ext/auth.go
index 304f4ad..5c3070e 100644
--- a/pkg/ext/auth.go
+++ b/pkg/ext/auth.go
@@ -6,6 +6,8 @@ import (
"errors"
"log/slog"
"net/http"
+
+ serverconfig "git.gabrielgio.me/cerrado/pkg/config"
)
type authService interface {
@@ -20,6 +22,25 @@ func DisableAuthentication(next http.HandlerFunc) http.HandlerFunc {
}
}
+func VerifyRespository(
+ config *serverconfig.ConfigurationRepository,
+) func(next http.HandlerFunc) http.HandlerFunc {
+ return func(next http.HandlerFunc) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ name := r.PathValue("name")
+ if name != "" {
+ repo := config.GetByName(name)
+ if repo != nil && !repo.Public && !IsLoggedIn(r.Context()) {
+ NotFound(w, r)
+ return
+ }
+ }
+
+ next(w, r)
+ }
+ }
+}
+
func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -28,6 +49,7 @@ func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc
if !errors.Is(err, http.ErrNoCookie) {
slog.Error("Error loading cookie", "error", err)
}
+
next(w, r)
return
}
@@ -47,10 +69,15 @@ func Authenticate(auth authService) func(next http.HandlerFunc) http.HandlerFunc
}
ctx := r.Context()
- ctx = context.WithValue(ctx, "logged", true)
+ ctx = context.WithValue(ctx, "logged", valid)
slog.Info("Validated token", "valid?", valid)
next(w, r.WithContext(ctx))
}
}
}
+
+func IsLoggedIn(ctx context.Context) bool {
+ t, ok := ctx.Value("logged").(bool)
+ return ok && t
+}
diff --git a/pkg/handler/git/handler.go b/pkg/handler/git/handler.go
index 4276159..6225b1a 100644
--- a/pkg/handler/git/handler.go
+++ b/pkg/handler/git/handler.go
@@ -13,6 +13,7 @@ import (
"git.gabrielgio.me/cerrado/pkg/ext"
"git.gabrielgio.me/cerrado/pkg/service"
+ "git.gabrielgio.me/cerrado/pkg/u"
"git.gabrielgio.me/cerrado/templates"
"github.com/alecthomas/chroma/v2"
"github.com/alecthomas/chroma/v2/formatters/html"
@@ -44,11 +45,19 @@ func NewGitHandler(gitService *service.GitService, confRepo configurationReposit
}
func (g *GitHandler) List(w http.ResponseWriter, r *http.Request) error {
+ // this is the only handler that needs to handle authentication itself.
+ // everything else relay on name path parameter
+ logged := ext.IsLoggedIn(r.Context())
+
repos, err := g.gitService.ListRepositories()
if err != nil {
return err
}
+ if !logged {
+ repos = u.Filter(repos, isPublic)
+ }
+
f, err := os.Open(g.config.GetRootReadme())
if err != nil {
return err
@@ -375,3 +384,7 @@ func GetLexers(filename string) chroma.Lexer {
}
return lexer
}
+
+func isPublic(r *service.Repository) bool {
+ return r.Public
+}
diff --git a/pkg/handler/router.go b/pkg/handler/router.go
index 82ee8fd..8d27b74 100644
--- a/pkg/handler/router.go
+++ b/pkg/handler/router.go
@@ -34,6 +34,7 @@ func MountHandler(
mux := ext.NewRouter()
mux.AddMiddleware(ext.Compress)
mux.AddMiddleware(ext.Log)
+ mux.AddMiddleware(ext.VerifyRespository(configRepo))
if configRepo.IsAuthEnabled() {
mux.AddMiddleware(ext.Authenticate(authService))
diff --git a/pkg/u/list.go b/pkg/u/list.go
index 39d7b11..835ecd2 100644
--- a/pkg/u/list.go
+++ b/pkg/u/list.go
@@ -1,5 +1,17 @@
package u
+func Filter[T any](v []T, f func(T) bool) []T {
+ var result []T
+
+ for _, s := range v {
+ if f(s) {
+ result = append(result, s)
+ }
+ }
+
+ return result
+}
+
func First[T any](v []T) (T, bool) {
if len(v) == 0 {
var zero T
@@ -25,7 +37,7 @@ func LastOrZero[T any](v []T) T {
}
func ChunkBy[T any](items []T, chunkSize int) [][]T {
- var chunks = make([][]T, 0, (len(items)/chunkSize)+1)
+ chunks := make([][]T, 0, (len(items)/chunkSize)+1)
for chunkSize < len(items) {
items, chunks = items[chunkSize:], append(chunks, items[0:chunkSize:chunkSize])
}