access-control: cookie based access control (#934)

* access-control: cookie based access control

* fix isauthorized

handlers/accesscontrol/access-control.go

@@ -8,7 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"net/url"
 	"strings"
 	"sync"
 	"time"
@@ -63,7 +62,7 @@ func NewAccessControlHandlersCollection(cli config.Cli) *AccessControlHandlersCo
 func (ac *AccessControlHandlersCollection) HandleUserNew(ctx context.Context, payload *misttriggers.UserNewPayload) (bool, error) {
 	playbackID := payload.StreamName[strings.Index(payload.StreamName, "+")+1:]
 
-	playbackAccessControlAllowed, err := ac.IsAuthorized(playbackID, payload.URL)
+	playbackAccessControlAllowed, err := ac.IsAuthorized(playbackID, payload)
 	if err != nil {
 		glog.Errorf("Unable to get playback access control info for playbackId=%v err=%s", playbackID, err.Error())
 		return false, err
@@ -78,11 +77,21 @@ func (ac *AccessControlHandlersCollection) HandleUserNew(ctx context.Context, pa
 	return false, nil
 }
 
-func (ac *AccessControlHandlersCollection) IsAuthorized(playbackID string, reqURL *url.URL) (bool, error) {
+func (ac *AccessControlHandlersCollection) IsAuthorized(playbackID string, payload *misttriggers.UserNewPayload) (bool, error) {
+
 	acReq := PlaybackAccessControlRequest{Stream: playbackID, Type: "accessKey"}
 	cacheKey := ""
-	accessKey := reqURL.Query().Get("accessKey")
-	jwt := reqURL.Query().Get("jwt")
+	accessKey := payload.URL.Query().Get("accessKey")
+	jwt := payload.URL.Query().Get("jwt")
+
+	if accessKey == "" {
+		accessKey = payload.AccessKey
+	}
+
+	if jwt == "" {
+		jwt = payload.JWT
+	}
+
 	if accessKey != "" {
 		acReq.Type = "accessKey"
 		acReq.AccessKey = accessKey

handlers/misttriggers/user_new.go

@@ -17,6 +17,9 @@ type UserNewPayload struct {
 	URL          *url.URL
 	FullURL      string
 	SessionID    string
+	Cookies      []*http.Cookie
+	AccessKey    string
+	JWT          string
 }
 
 func ParseUserNewPayload(payload MistTriggerBody) (UserNewPayload, error) {
@@ -43,6 +46,14 @@ func ParseUserNewPayload(payload MistTriggerBody) (UserNewPayload, error) {
 
 func (d *MistCallbackHandlersCollection) TriggerUserNew(ctx context.Context, w http.ResponseWriter, req *http.Request, body MistTriggerBody) {
 	payload, err := ParseUserNewPayload(body)
+	cookies := req.Cookies()
+	accessKey := req.Header.Get("X-Livepeer-Access-Key")
+	jwt := req.Header.Get("X-Livepeer-JWT")
+
+	payload.Cookies = cookies // would remove probably when everything's working
+	payload.AccessKey = accessKey
+	payload.JWT = jwt
+
 	if err != nil {
 		glog.Infof("Error parsing USER_NEW payload error=%q payload=%q", err, string(body))
 		w.WriteHeader(http.StatusBadRequest)

middleware/gating.go

@@ -8,6 +8,7 @@ import (
 	"github.com/livepeer/catalyst-api/config"
 	catErrs "github.com/livepeer/catalyst-api/errors"
 	"github.com/livepeer/catalyst-api/handlers/accesscontrol"
+	"github.com/livepeer/catalyst-api/handlers/misttriggers"
 	"github.com/livepeer/catalyst-api/log"
 	"github.com/livepeer/catalyst-api/playback"
 	"github.com/livepeer/catalyst-api/requests"
@@ -31,7 +32,11 @@ func (h *GatingHandler) GatingCheck(next httprouter.Handle) httprouter.Handle {
 		accessKey := req.URL.Query().Get("accessKey")
 		jwt := req.URL.Query().Get("jwt")
 
-		playbackAccessControlAllowed, err := h.AccessControl.IsAuthorized(playbackID, req.URL)
+		payload := misttriggers.UserNewPayload{
+			URL: req.URL,
+		}
+
+		playbackAccessControlAllowed, err := h.AccessControl.IsAuthorized(playbackID, &payload)
 		if err != nil {
 			log.LogError(requestID, "unable to get playback access control info", err, "playbackID", playbackID, "accessKey", accessKey, "jwt", jwt)
 			catErrs.WriteHTTPInternalServerError(w, "error authorizing playback request", nil)