package utils
import (
	"errors"
	"net/http"
	"net/url"
	"strconv"
)
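// LoggedInOnlyWithRedirect checks that the request carries a logged-in
// identity with MFA satisfied and, when it does not, redirects the browser to
// the matching cosmos-ui page (login, MFA prompt or MFA setup).
//
// It returns nil when the request may proceed. When it returns an error the
// redirect has already been written to w and the caller must stop handling
// the request.
//
// Security notes:
//   - Identity comes from the x-cosmos-user, x-cosmos-role and x-cosmos-mfa
//     request headers. This function cannot tell who set them, so the check
//     only holds if a trusted earlier layer strips or overwrites any
//     client-supplied copies (not visible in this file; confirm against the
//     code that populates them).
//   - The return target is request-controlled. It is encoded with url.Values
//     so it cannot add or override parameters of the cosmos-ui URL. The page
//     that consumes "redirect" must still only follow same-origin relative
//     paths.
func LoggedInOnlyWithRedirect(w http.ResponseWriter, req *http.Request) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; treat every parse failure as "no role" so a malformed
		// header can never read as a valid one.
		role = 0
	}

	// NOTE(review): a missing or unparsable x-cosmos-mfa yields a value other
	// than 1 or 2 and therefore passes the MFA gate below; confirm the layer
	// that sets this header always sets it.
	mfa, _ := strconv.Atoi(req.Header.Get("x-cosmos-mfa"))
	isUserLoggedIn := role > 0

	if !isUserLoggedIn || userNickname == "" {
		Error("LoggedInOnlyWithRedirect: User is not logged in", nil)
		q := url.Values{}
		q.Set("notlogged", "1")
		q.Set("redirect", req.URL.Path)
		http.Redirect(w, req, "/cosmos-ui/login?"+q.Encode(), http.StatusFound)
		return errors.New("User not logged in")
	}

	if mfa == 1 || mfa == 2 {
		// Carry the original query string inside the redirect value rather
		// than appending it as extra top-level parameters, where it could
		// shadow "invalid" or "redirect".
		target := req.URL.Path
		if req.URL.RawQuery != "" {
			target += "?" + req.URL.RawQuery
		}
		q := url.Values{}
		q.Set("invalid", "1")
		q.Set("redirect", target)

		if mfa == 1 {
			http.Redirect(w, req, "/cosmos-ui/loginmfa?"+q.Encode(), http.StatusTemporaryRedirect)
			return errors.New("User requires MFA")
		}
		http.Redirect(w, req, "/cosmos-ui/newmfa?"+q.Encode(), http.StatusTemporaryRedirect)
		return errors.New("User requires MFA Setup")
	}

	return nil
}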
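// AdminOnlyWithRedirect checks that the request carries a logged-in admin
// identity (role > 1) with MFA satisfied. A caller that is not logged in is
// redirected to the cosmos-ui login page, a logged-in non-admin is rejected
// through HTTPError, and a pending MFA state redirects to the MFA prompt or
// MFA setup page.
//
// It returns nil when the request may proceed. When it returns an error a
// response has already been started on w and the caller must stop handling
// the request.
//
// Security notes:
//   - Identity comes from the x-cosmos-user, x-cosmos-role and x-cosmos-mfa
//     request headers. This function cannot tell who set them, so the check
//     only holds if a trusted earlier layer strips or overwrites any
//     client-supplied copies (not visible in this file; confirm against the
//     code that populates them).
//   - The return target is request-controlled. It is encoded with url.Values
//     so it cannot add or override parameters of the cosmos-ui URL. The page
//     that consumes "redirect" must still only follow same-origin relative
//     paths.
func AdminOnlyWithRedirect(w http.ResponseWriter, req *http.Request) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; without this reset an oversized value would compare
		// as admin. Any parse failure means "no role".
		role = 0
	}

	// NOTE(review): a missing or unparsable x-cosmos-mfa yields a value other
	// than 1 or 2 and therefore passes the MFA gate below; confirm the layer
	// that sets this header always sets it.
	mfa, _ := strconv.Atoi(req.Header.Get("x-cosmos-mfa"))
	isUserLoggedIn := role > 0
	isUserAdmin := role > 1

	if !isUserLoggedIn || userNickname == "" {
		Error("AdminLoggedInOnlyWithRedirect: User is not logged in", nil)
		q := url.Values{}
		q.Set("notlogged", "1")
		q.Set("redirect", req.URL.Path)
		http.Redirect(w, req, "/cosmos-ui/login?"+q.Encode(), http.StatusFound)
		return errors.New("User is not logged")
	}

	// The caller is known to be logged in here, so only the admin level
	// remains to be checked.
	if !isUserAdmin {
		Error("AdminLoggedInOnly: User is not Authorized", nil)
		HTTPError(w, "User not Authorized", http.StatusUnauthorized, "HTTP004")
		return errors.New("User is not Admin")
	}

	if mfa == 1 || mfa == 2 {
		// Carry the original query string inside the redirect value rather
		// than appending it as extra top-level parameters, where it could
		// shadow "invalid" or "redirect".
		target := req.URL.Path
		if req.URL.RawQuery != "" {
			target += "?" + req.URL.RawQuery
		}
		q := url.Values{}
		q.Set("invalid", "1")
		q.Set("redirect", target)

		if mfa == 1 {
			http.Redirect(w, req, "/cosmos-ui/loginmfa?"+q.Encode(), http.StatusTemporaryRedirect)
			return errors.New("User requires MFA")
		}
		http.Redirect(w, req, "/cosmos-ui/newmfa?"+q.Encode(), http.StatusTemporaryRedirect)
		return errors.New("User requires MFA Setup")
	}

	return nil
}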
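// LoggedInWeakOnly checks only that the request carries a logged-in identity:
// a non-empty x-cosmos-user and an x-cosmos-role above 0. Unlike LoggedInOnly
// it does not read x-cosmos-mfa, so a session with MFA still pending passes.
// Use it only for endpoints that must be reachable before MFA completes.
//
// It returns nil when the request may proceed. Otherwise it reports the
// failure through HTTPError (http.StatusUnauthorized, code HTTP004) and
// returns an error; the caller must stop handling the request.
//
// Security note: the identity headers are taken at face value. The check only
// holds if a trusted earlier layer strips or overwrites any client-supplied
// copies (not visible in this file; confirm against the code that populates
// them).
func LoggedInWeakOnly(w http.ResponseWriter, req *http.Request) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; treat every parse failure as "no role" so a malformed
		// header can never read as a valid one.
		role = 0
	}
	isUserLoggedIn := role > 0

	if !isUserLoggedIn || userNickname == "" {
		Error("LoggedInOnly: User is not logged in", nil)
		HTTPError(w, "User not logged in", http.StatusUnauthorized, "HTTP004")
		return errors.New("User not logged in")
	}

	return nil
}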
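// LoggedInOnly checks that the request carries a logged-in identity
// (non-empty x-cosmos-user, x-cosmos-role above 0) whose x-cosmos-mfa state
// is neither 1 (MFA required) nor 2 (MFA setup required).
//
// It returns nil when the request may proceed. Otherwise it reports the
// failure through HTTPError with http.StatusUnauthorized (codes HTTP004,
// HTTP006 or HTTP007) and returns an error; the caller must stop handling the
// request.
//
// Security note: the identity headers are taken at face value. The check only
// holds if a trusted earlier layer strips or overwrites any client-supplied
// copies (not visible in this file; confirm against the code that populates
// them).
func LoggedInOnly(w http.ResponseWriter, req *http.Request) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; treat every parse failure as "no role" so a malformed
		// header can never read as a valid one.
		role = 0
	}

	// NOTE(review): a missing or unparsable x-cosmos-mfa yields a value other
	// than 1 or 2 and therefore passes the MFA gate below; confirm the layer
	// that sets this header always sets it.
	mfa, _ := strconv.Atoi(req.Header.Get("x-cosmos-mfa"))
	isUserLoggedIn := role > 0

	if !isUserLoggedIn || userNickname == "" {
		Error("LoggedInOnly: User is not logged in", nil)
		HTTPError(w, "User not logged in", http.StatusUnauthorized, "HTTP004")
		return errors.New("User not logged in")
	}

	switch mfa {
	case 1:
		HTTPError(w, "User not logged in (MFA)", http.StatusUnauthorized, "HTTP006")
		return errors.New("User requires MFA")
	case 2:
		HTTPError(w, "User requires MFA Setup", http.StatusUnauthorized, "HTTP007")
		return errors.New("User requires MFA Setup")
	}

	return nil
}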
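// AdminOnly checks that the request carries a logged-in admin identity
// (non-empty x-cosmos-user, x-cosmos-role above 1) whose x-cosmos-mfa state
// is neither 1 (MFA required) nor 2 (MFA setup required).
//
// It returns nil when the request may proceed. Otherwise it reports the
// failure through HTTPError with http.StatusUnauthorized (codes HTTP004,
// HTTP005, HTTP006 or HTTP007) and returns an error; the caller must stop
// handling the request.
//
// Security note: the identity headers are taken at face value. The check only
// holds if a trusted earlier layer strips or overwrites any client-supplied
// copies (not visible in this file; confirm against the code that populates
// them).
func AdminOnly(w http.ResponseWriter, req *http.Request) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; without this reset an oversized value would compare
		// as admin. Any parse failure means "no role".
		role = 0
	}

	// NOTE(review): a missing or unparsable x-cosmos-mfa yields a value other
	// than 1 or 2 and therefore passes the MFA gate below; confirm the layer
	// that sets this header always sets it.
	mfa, _ := strconv.Atoi(req.Header.Get("x-cosmos-mfa"))
	isUserLoggedIn := role > 0
	isUserAdmin := role > 1

	if !isUserLoggedIn || userNickname == "" {
		Error("AdminOnly: User is not logged in", nil)
		HTTPError(w, "User not logged in", http.StatusUnauthorized, "HTTP004")
		return errors.New("User not logged in")
	}

	// The caller is known to be logged in here, so only the admin level
	// remains to be checked.
	if !isUserAdmin {
		Error("AdminOnly: User is not admin", nil)
		HTTPError(w, "User unauthorized", http.StatusUnauthorized, "HTTP005")
		return errors.New("User not Admin")
	}

	switch mfa {
	case 1:
		HTTPError(w, "User not logged in (MFA)", http.StatusUnauthorized, "HTTP006")
		return errors.New("User requires MFA")
	case 2:
		HTTPError(w, "User requires MFA Setup", http.StatusUnauthorized, "HTTP007")
		return errors.New("User requires MFA Setup")
	}

	return nil
}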
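// IsAdmin reports whether the x-cosmos-role request header holds a role level
// above 1. A missing, non-numeric or out-of-range header counts as not admin.
//
// It does not check x-cosmos-user or x-cosmos-mfa, so it is not a substitute
// for AdminOnly as an access gate.
//
// Security note: the header is taken at face value. The result is only
// meaningful if a trusted earlier layer strips or overwrites any
// client-supplied copy (not visible in this file; confirm against the code
// that populates it).
func IsAdmin(req *http.Request) bool {
	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0, so an oversized value would otherwise compare as
		// admin. Fail closed on any parse error.
		return false
	}
	return role > 1
}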
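// AdminOrItselfOnly checks that the request carries a logged-in identity that
// is either an admin (x-cosmos-role above 1) or the user named by nickname
// (exact match against x-cosmos-user), and whose x-cosmos-mfa state is
// neither 1 (MFA required) nor 2 (MFA setup required).
//
// It returns nil when the request may proceed. Otherwise it reports the
// failure through HTTPError with http.StatusUnauthorized (codes HTTP004,
// HTTP005, HTTP006 or HTTP007) and returns an error; the caller must stop
// handling the request.
//
// Security notes:
//   - The identity headers are taken at face value. The check only holds if
//     a trusted earlier layer strips or overwrites any client-supplied copies
//     (not visible in this file; confirm against the code that populates
//     them).
//   - The nickname comparison is a plain byte-wise string comparison.
//     NOTE(review): confirm callers pass nickname in the same normalised form
//     (case, whitespace) that the x-cosmos-user header carries.
func AdminOrItselfOnly(w http.ResponseWriter, req *http.Request, nickname string) error {
	userNickname := req.Header.Get("x-cosmos-user")

	role, err := strconv.Atoi(req.Header.Get("x-cosmos-role"))
	if err != nil {
		// Atoi clamps out-of-range input to the int limits instead of
		// returning 0; without this reset an oversized value would compare
		// as admin. Any parse failure means "no role".
		role = 0
	}

	// NOTE(review): a missing or unparsable x-cosmos-mfa yields a value other
	// than 1 or 2 and therefore passes the MFA gate below; confirm the layer
	// that sets this header always sets it.
	mfa, _ := strconv.Atoi(req.Header.Get("x-cosmos-mfa"))
	isUserLoggedIn := role > 0
	isUserAdmin := role > 1

	if !isUserLoggedIn || userNickname == "" {
		Error("AdminOrItselfOnly: User is not logged in", nil)
		HTTPError(w, "User not logged in", http.StatusUnauthorized, "HTTP004")
		return errors.New("User not logged in")
	}

	// userNickname is non-empty here, so an empty nickname argument can only
	// pass for an admin.
	if nickname != userNickname && !isUserAdmin {
		Error("AdminOrItselfOnly: User is not admin", nil)
		HTTPError(w, "User unauthorized", http.StatusUnauthorized, "HTTP005")
		return errors.New("User not Admin")
	}

	switch mfa {
	case 1:
		HTTPError(w, "User not logged in (MFA)", http.StatusUnauthorized, "HTTP006")
		return errors.New("User requires MFA")
	case 2:
		HTTPError(w, "User requires MFA Setup", http.StatusUnauthorized, "HTTP007")
		return errors.New("User requires MFA Setup")
	}

	return nil
}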