chronograf/server/auth.go

package server

import (
	"context"
	"net/http"

	"github.com/influxdata/chronograf"
	"github.com/influxdata/chronograf/oauth2"
)

// AuthorizedToken extracts the token and validates; if valid the next handler
// will be run.  The principal will be sent to the next handler via the request's
// Context.  It is up to the next handler to determine if the principal has access.
// On failure, will return http.StatusForbidden.
func AuthorizedToken(auth oauth2.Authenticator, logger chronograf.Logger, next http.Handler) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log := logger.
			WithField("component", "auth").
			WithField("remote_addr", r.RemoteAddr).
			WithField("method", r.Method).
			WithField("url", r.URL)

		ctx := r.Context()
		// We do not check the validity of the principal.  Those
		// served further down the chain should do so.
		principal, err := auth.Validate(ctx, r)
		if err != nil {
			log.Error("Invalid principal")
			w.WriteHeader(http.StatusForbidden)
			return
		}

		// Send the principal to the next handler
		ctx = context.WithValue(ctx, oauth2.PrincipalKey, principal)
		next.ServeHTTP(w, r.WithContext(ctx))
		return
	})
}
Move authentication middleware to server package 2017-04-02 22:58:39 +00:00			`package server`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00
			`import (`
			`"context"`
			`"net/http"`

			`"github.com/influxdata/chronograf"`
Move authentication middleware to server package 2017-04-02 22:58:39 +00:00			`"github.com/influxdata/chronograf/oauth2"`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`)`

			`// AuthorizedToken extracts the token and validates; if valid the next handler`
			`// will be run. The principal will be sent to the next handler via the request's`
			`// Context. It is up to the next handler to determine if the principal has access.`
Fix authentication comment 2017-04-02 22:59:45 +00:00			`// On failure, will return http.StatusForbidden.`
Move authentication middleware to server package 2017-04-02 22:58:39 +00:00			`func AuthorizedToken(auth oauth2.Authenticator, logger chronograf.Logger, next http.Handler) http.HandlerFunc {`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`log := logger.`
			`WithField("component", "auth").`
			`WithField("remote_addr", r.RemoteAddr).`
			`WithField("method", r.Method).`
			`WithField("url", r.URL)`

Refactor cookie generation to use an interface 2017-03-30 21:59:00 +00:00			`ctx := r.Context()`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`// We do not check the validity of the principal. Those`
Add unified OAuth2 logout route redirecting to provider logout Signed-off-by: Tim Raymond <tim@timraymond.com> 2017-02-15 22:28:17 +00:00			`// served further down the chain should do so.`
Refactor Authenticator interface to accommodate cookie duration and logout delay 2017-03-31 19:48:34 +00:00			`principal, err := auth.Validate(ctx, r)`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`if err != nil {`
Refactor Authenticator interface to accommodate cookie duration and logout delay 2017-03-31 19:48:34 +00:00			`log.Error("Invalid principal")`
			`w.WriteHeader(http.StatusForbidden)`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`return`
			`}`

			`// Send the principal to the next handler`
Move authentication middleware to server package 2017-04-02 22:58:39 +00:00			`ctx = context.WithValue(ctx, oauth2.PrincipalKey, principal)`
Reorganize OAuth2 Logic Created an oauth2 package which encapsulates all oauth2 providers, utility functions, types, and interfaces. Previously some methods of the Github provider were used as http.HandlerFuncs. These have now been pulled into a concrete type called a JWTMux to implement other Oauth2 providers. JWTMux has all of the functionality required to take a token from any provider and store it as a JWT in a browser, and that is the extent of its responsibilities. It implements the oauth2.Mux interface which would potentially allow other strategies of oauth2 credential storage. 2017-02-14 21:14:24 +00:00			`next.ServeHTTP(w, r.WithContext(ctx))`
			`return`
			`})`
			`}`