2020-11-13 09:43:17 +00:00
|
|
|
package telebit
|
2020-06-22 06:34:42 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
)
|
|
|
|
|
|
2020-11-13 12:19:12 +00:00
|
|
|
func NewAuthorizer(authURL string) Authorizer {
|
|
|
|
|
return func(r *http.Request) (*Grants, error) {
|
2020-06-22 06:34:42 +00:00
|
|
|
// do we have a valid wss_client?
|
|
|
|
|
|
2020-07-06 09:56:29 +00:00
|
|
|
fmt.Printf("[authz] Authorization = %s\n", r.Header.Get("Authorization"))
|
2020-06-22 06:34:42 +00:00
|
|
|
var tokenString string
|
|
|
|
|
if auth := strings.Split(r.Header.Get("Authorization"), " "); len(auth) > 1 {
|
|
|
|
|
// TODO handle Basic auth tokens as well
|
|
|
|
|
tokenString = auth[1]
|
|
|
|
|
}
|
|
|
|
|
if "" == tokenString {
|
|
|
|
|
// Browsers do not allow Authorization Headers and must use access_token query string
|
|
|
|
|
tokenString = r.URL.Query().Get("access_token")
|
|
|
|
|
}
|
|
|
|
|
if "" != r.URL.Query().Get("access_token") {
|
|
|
|
|
r.URL.Query().Set("access_token", "[redacted]")
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 09:56:29 +00:00
|
|
|
fmt.Printf("[authz] authURL = %s\n", authURL)
|
|
|
|
|
fmt.Printf("[authz] token = %s\n", tokenString)
|
2020-11-13 12:19:12 +00:00
|
|
|
grants, err := Inspect(authURL, tokenString)
|
2020-06-22 06:34:42 +00:00
|
|
|
|
|
|
|
|
if nil != err {
|
2020-07-06 09:56:29 +00:00
|
|
|
fmt.Printf("[authorizer] error inspecting %q: %s\ntoken: %s\n", authURL, err, tokenString)
|
2020-06-22 06:34:42 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if "" != r.URL.Query().Get("access_token") {
|
|
|
|
|
r.URL.Query().Set("access_token", "[redacted:"+grants.Subject+"]")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return grants, err
|
|
|
|
|
}
|
|
|
|
|
}
|
