1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: Apache-2.0
12 type contextKey string
14 var contextKeyCredentials contextKey = "credentials"
16 // LoadToken wraps the next handler, adding credentials to the request
17 // context so subsequent handlers can access them efficiently via
18 // CredentialsFromRequest.
19 func LoadToken(next http.Handler) http.Handler {
20 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
21 if _, ok := r.Context().Value(contextKeyCredentials).(*Credentials); !ok {
22 r = r.WithContext(context.WithValue(r.Context(), contextKeyCredentials, CredentialsFromRequest(r)))
28 // RequireLiteralToken wraps the next handler, rejecting any request
29 // that doesn't supply the given token. If the given token is empty,
30 // RequireLiteralToken returns next (i.e., no auth checks are
32 func RequireLiteralToken(token string, next http.Handler) http.Handler {
36 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
37 c := CredentialsFromRequest(r)
38 if len(c.Tokens) == 0 {
39 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
42 for _, t := range c.Tokens {
48 http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)