forked from andybalholm/redwood
-
Notifications
You must be signed in to change notification settings - Fork 0
/
api.go
55 lines (45 loc) · 1.61 KB
/
api.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package main
import (
"log"
"net/http"
)
var apiServeMux = http.NewServeMux()
func init() {
apiServeMux.Handle("/debug/pprof/", http.DefaultServeMux)
apiServeMux.HandleFunc("/proxy.pac", handlePACFile)
apiServeMux.HandleFunc("/reload", handleReload)
apiServeMux.HandleFunc("/classify", handleClassification)
apiServeMux.HandleFunc("/classify/verbose", handleClassification)
apiServeMux.HandleFunc("/classify-text", handleClassifyText)
apiServeMux.HandleFunc("/classify-text/verbose", handleClassifyText)
apiServeMux.HandleFunc("/per-user-ports", handlePerUserPortList)
apiServeMux.HandleFunc("/per-user-ports/authenticate", handlePerUserAuthenticate)
}
func handleAPI(w http.ResponseWriter, r *http.Request) {
conf := getConfig()
authUser := ""
if user, pass, ok := r.BasicAuth(); ok {
if conf.ValidCredentials(user, pass) {
authUser = user
} else {
log.Printf("Incorrect username or password for API request from %v: %s:%s", r.RemoteAddr, user, pass)
}
}
acls := conf.APIACLs.requestACLs(r, authUser)
possibleActions := []string{"allow", "block"}
if authUser == "" {
possibleActions = append(possibleActions, "require-auth")
}
thisRule := conf.APIACLs.ChooseACLAction(acls, possibleActions...)
switch thisRule.Action {
case "require-auth":
w.Header().Set("WWW-Authenticate", `Basic realm="Redwood API"`)
http.Error(w, "Authentication required", http.StatusUnauthorized)
log.Printf("Missing required API authentication from %v to %v", r.RemoteAddr, r.URL)
return
case "block":
http.Error(w, "You do not have access to this page.", http.StatusForbidden)
return
}
apiServeMux.ServeHTTP(w, r)
}