diff options
Diffstat (limited to 'pkg/auth/middleware.go')
-rw-r--r-- | pkg/auth/middleware.go | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/pkg/auth/middleware.go b/pkg/auth/middleware.go deleted file mode 100644 index 280ceeb..0000000 --- a/pkg/auth/middleware.go +++ /dev/null @@ -1,65 +0,0 @@ -package auth - -import ( - "0xacab.org/leap/vpnweb/pkg/auth/sip2" - "0xacab.org/leap/vpnweb/pkg/config" - "0xacab.org/leap/vpnweb/pkg/web" - "github.com/auth0/go-jwt-middleware" - "github.com/dgrijalva/jwt-go" - "log" - "net/http" -) - -const ( - anonAuth = "anon" - sip2Auth = "sip" -) - -func bailOnBadAuthModule(module string) { - log.Fatal("Unknown auth module: '", module, "'. Should be one of: ", anonAuth, ", ", sip2Auth, ".") -} - -func checkForAuthSecret(opts *config.Opts) { - if opts.AuthSecret == "" { - log.Fatal("Need to provide a AuthSecret value for SIP Authentication") - } - if len(opts.AuthSecret) < 20 { - log.Fatal("Please provider an AuthSecret longer than 20 chars") - } -} - -func AuthenticatorMiddleware(opts *config.Opts) http.HandlerFunc { - switch opts.Auth { - case anonAuth: - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - http.Error(w, "no authentication in anon mode", http.StatusBadRequest) - }) - case sip2Auth: - checkForAuthSecret(opts) - return sip2.SipAuthenticator(opts) - default: - bailOnBadAuthModule(opts.Auth) - } - return nil -} - -func RestrictedMiddleware(opts *config.Opts, ch web.CertHandler) http.Handler { - - jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options{ - ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) { - return []byte(opts.AuthSecret), nil - }, - SigningMethod: jwt.SigningMethodHS256, - }) - - switch opts.Auth { - case anonAuth: - return http.HandlerFunc(ch.CertResponder) - case sip2Auth: - checkForAuthSecret(opts) - return jwtMiddleware.Handler(http.HandlerFunc(ch.CertResponder)) - default: - bailOnBadAuthModule(opts.Auth) - } - return nil -} |