X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1d1c6de3c842a33a57b7d469fdaaaa1b873433dc..c0cbdeb1567d4a4f190a01d3fe89aa975e51e47b:/sdk/go/auth/auth.go diff --git a/sdk/go/auth/auth.go b/sdk/go/auth/auth.go index ca4eb948b1..f1c2e243b5 100644 --- a/sdk/go/auth/auth.go +++ b/sdk/go/auth/auth.go @@ -1,6 +1,11 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 + package auth import ( + "context" "encoding/base64" "net/http" "net/url" @@ -11,11 +16,24 @@ type Credentials struct { Tokens []string } -func NewCredentials() *Credentials { - return &Credentials{Tokens: []string{}} +func NewCredentials(tokens ...string) *Credentials { + return &Credentials{Tokens: tokens} +} + +func NewContext(ctx context.Context, c *Credentials) context.Context { + return context.WithValue(ctx, contextKeyCredentials{}, c) +} + +func FromContext(ctx context.Context) (*Credentials, bool) { + c, ok := ctx.Value(contextKeyCredentials{}).(*Credentials) + return c, ok } -func NewCredentialsFromHTTPRequest(r *http.Request) *Credentials { +func CredentialsFromRequest(r *http.Request) *Credentials { + if c, ok := FromContext(r.Context()); ok { + // preloaded by middleware + return c + } c := NewCredentials() c.LoadTokensFromHTTPRequest(r) return c @@ -30,18 +48,18 @@ var EncodeTokenCookie func([]byte) string = base64.URLEncoding.EncodeToString // token. var DecodeTokenCookie func(string) ([]byte, error) = base64.URLEncoding.DecodeString -// LoadTokensFromHttpRequest loads all tokens it can find in the +// LoadTokensFromHTTPRequest loads all tokens it can find in the // headers and query string of an http query. func (a *Credentials) LoadTokensFromHTTPRequest(r *http.Request) { // Load plain token from "Authorization: OAuth2 ..." header // (typically used by smart API clients) - if toks := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(toks) == 2 && toks[0] == "OAuth2" { + if toks := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(toks) == 2 && (toks[0] == "OAuth2" || toks[0] == "Bearer") { a.Tokens = append(a.Tokens, toks[1]) } // Load base64-encoded token from "Authorization: Basic ..." // header (typically used by git via credential helper) - if _, password, ok := BasicAuth(r); ok { + if _, password, ok := r.BasicAuth(); ok { a.Tokens = append(a.Tokens, password) } @@ -79,7 +97,21 @@ func (a *Credentials) loadTokenFromCookie(r *http.Request) { a.Tokens = append(a.Tokens, string(token)) } -// TODO: LoadTokensFromHttpRequestBody(). We can't assume in -// LoadTokensFromHttpRequest() that [or how] we should read and parse -// the request body. This has to be requested explicitly by the -// application. +// LoadTokensFromHTTPRequestBody loads credentials from the request +// body. +// +// This is separate from LoadTokensFromHTTPRequest() because it's not +// always desirable to read the request body. This has to be requested +// explicitly by the application. +func (a *Credentials) LoadTokensFromHTTPRequestBody(r *http.Request) error { + if r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" { + return nil + } + if err := r.ParseForm(); err != nil { + return err + } + if t := r.PostFormValue("api_token"); t != "" { + a.Tokens = append(a.Tokens, t) + } + return nil +}