chore(tfstated): refactor middlewares

2025-01-03 00:54:15 +01:00 · 2025-01-03 00:54:15 +01:00 · c18d03d404
commit c18d03d404
parent 24bca7067b
6 changed files with 3 additions and 3 deletions
--- a/pkg/middlewares/basic_auth/middleware.go
+++ b/pkg/middlewares/basic_auth/middleware.go
@ -0,0 +1,39 @@
+package basic_auth
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"git.adyxax.org/adyxax/tfstated/pkg/database"
+	"git.adyxax.org/adyxax/tfstated/pkg/helpers"
+	"git.adyxax.org/adyxax/tfstated/pkg/model"
+)
+
+func Middleware(db *database.DB) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			username, password, ok := r.BasicAuth()
+			if !ok {
+				w.Header().Set("WWW-Authenticate", `Basic realm="tfstated", charset="UTF-8"`)
+				helpers.ErrorResponse(w, http.StatusUnauthorized, fmt.Errorf("Unauthorized"))
+				return
+			}
+			account, err := db.LoadAccountByUsername(username)
+			if err != nil {
+				helpers.ErrorResponse(w, http.StatusInternalServerError, err)
+				return
+			}
+			if account == nil || !account.CheckPassword(password) {
+				helpers.ErrorResponse(w, http.StatusForbidden, fmt.Errorf("Forbidden"))
+				return
+			}
+			if err := db.TouchAccount(account); err != nil {
+				helpers.ErrorResponse(w, http.StatusInternalServerError, err)
+				return
+			}
+			ctx := context.WithValue(r.Context(), model.AccountContextKey{}, account)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}