Adding a seam for read/write auth

Author: meatballhat

.example.env

@@ -1,4 +1,2 @@
-#!/bin/bash
-
-export DATABASE_URL="postgres://${PGUSER:-artifacts}:${PGPASSWORD:-dogs}@localhost:5432/artifacts?sslmode=disable"
-export PORT='9839'
+DATABASE_URL='postgres://artifacts:dogs@localhost:5432/artifacts?sslmode=disable'
+PORT='9839'

.gitignore

@@ -21,6 +21,7 @@ _testmain.go
 
 *.exe
 *.test
+/gin-bin
 
 *coverage.*
 *.out

server/error_handler.go

@@ -14,6 +14,16 @@ func (srv *Server) serveError(err error, w http.ResponseWriter, r *http.Request)
 
 	w.WriteHeader(http.StatusInternalServerError)
 	w.Header().Set("Content-Type", "application/vnd.api+json")
-	fmt.Fprintf(w, fmt.Sprintf("{\"error\":%q}", err.Error()))
+	fmt.Fprintf(w, `{"error":%q}`, err.Error())
 	return http.StatusInternalServerError
 }
+
+func (srv *Server) serveUnauthorized(w http.ResponseWriter, r *http.Request) int {
+	srv.log.Warn("serving 401 response")
+
+	w.WriteHeader(http.StatusUnauthorized)
+	w.Header().Set("Content-Type", "application/vnd.api+json")
+	w.Header().Set("WWW-Authenticate", "token")
+	fmt.Fprintf(w, `{"error":"unauthorized"}`)
+	return http.StatusUnauthorized
+}

server/get_path_handler.go

@@ -10,6 +10,10 @@ import (
 )
 
 func (srv *Server) getPathHandler(w http.ResponseWriter, r *http.Request, vars map[string]string) int {
+	if !srv.canRead(r, vars) {
+		return srv.serveUnauthorized(w, r)
+	}
+
 	srv.log.WithFields(logrus.Fields{
 		"slug":     vars["slug"],
 		"filepath": vars["filepath"],

server/list_handler.go

@@ -30,6 +30,10 @@ type listMetadataResponseLinksDataPath struct {
 }
 
 func (srv *Server) listHandler(w http.ResponseWriter, r *http.Request, vars map[string]string) int {
+	if !srv.canRead(r, vars) {
+		return srv.serveUnauthorized(w, r)
+	}
+
 	allMetadata, err := srv.md.LookupAll(vars["job_id"])
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)

server/save_handler.go

@@ -10,6 +10,10 @@ import (
 )
 
 func (srv *Server) saveHandler(w http.ResponseWriter, r *http.Request, vars map[string]string) int {
+	if !srv.canWrite(r, vars) {
+		return srv.serveUnauthorized(w, r)
+	}
+
 	repoSlug, repoSlugOK := vars["slug"]
 	filepath, filepathOK := vars["filepath"]
 	jobID, jobIDOK := vars["job_id"]

server/server.go

@@ -160,3 +160,11 @@ func (srv *Server) getDB() error {
 	srv.md = db
 	return nil
 }
+
+func (srv *Server) canWrite(r *http.Request, vars map[string]string) bool {
+	return true
+}
+
+func (srv *Server) canRead(r *http.Request, vars map[string]string) bool {
+	return true
+}