gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-10 15:14:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

adding returns for auth to remove superfluous writeheader calls

Browse source
This commit is contained in:
afeiszli 2021-03-26 16:13:51 -04:00
parent 67157f4bdc
commit 2063b3dcdc
2 changed files with 29 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
controllers/nodeHttpController.go
View file

@ -53,15 +53,18 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
if decoderErr != nil { if decoderErr != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
} else { return
} else {
errorResponse.Code = http.StatusBadRequest errorResponse.Code = http.StatusBadRequest
if authRequest.MacAddress == "" { if authRequest.MacAddress == "" {
errorResponse.Message = "W1R3: MacAddress can't be empty" errorResponse.Message = "W1R3: MacAddress can't be empty"
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else if authRequest.Password == "" { } else if authRequest.Password == "" {
errorResponse.Message = "W1R3: Password can't be empty" errorResponse.Message = "W1R3: Password can't be empty"
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
} else { return
} else {
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved). //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
collection := mongoconn.Client.Database("wirecat").Collection("nodes") collection := mongoconn.Client.Database("wirecat").Collection("nodes")
@ -72,6 +75,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
if err != nil { if err != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
//compare password from request to stored password in database //compare password from request to stored password in database
@ -80,12 +84,14 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)) err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
if err != nil { if err != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else { } else {
//Create a new JWT for the node //Create a new JWT for the node
tokenString, _ := functions.CreateJWT(authRequest.MacAddress, result.Group) tokenString, _ := functions.CreateJWT(authRequest.MacAddress, result.Group)
if tokenString == "" { if tokenString == "" {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
var successResponse = models.SuccessResponse{ var successResponse = models.SuccessResponse{
@ -101,6 +107,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
if jsonError != nil { if jsonError != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
response.Header().Set("Content-Type", "application/json") response.Header().Set("Content-Type", "application/json")
response.Write(successJSONResponse) response.Write(successJSONResponse)
@ -134,6 +141,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
Code: http.StatusNotFound, Message: "W1R3: This group does not exist. ", Code: http.StatusNotFound, Message: "W1R3: This group does not exist. ",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} else { } else {
@ -155,7 +163,8 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.", Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
} return
}
//This checks if //This checks if
@ -169,6 +178,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.", Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
var isAuthorized = false var isAuthorized = false
@ -192,6 +202,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.", Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
isAuthorized = (node.Group == params["group"]) isAuthorized = (node.Group == params["group"])
case "node": case "node":
@ -207,6 +218,7 @@ func authorize(groupCheck bool, authGroup string, next http.Handler) http.Handle
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.", Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} else { } else {
//If authorized, this function passes along it's request and output to the appropriate route function. //If authorized, this function passes along it's request and output to the appropriate route function.
next.ServeHTTP(w, r) next.ServeHTTP(w, r)

14
controllers/userHttpController.go
View file

@ -46,14 +46,17 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
if decoderErr != nil { if decoderErr != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else { } else {
errorResponse.Code = http.StatusBadRequest errorResponse.Code = http.StatusBadRequest
if authRequest.UserName == "" { if authRequest.UserName == "" {
errorResponse.Message = "W1R3: Username can't be empty" errorResponse.Message = "W1R3: Username can't be empty"
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else if authRequest.Password == "" { } else if authRequest.Password == "" {
errorResponse.Message = "W1R3: Password can't be empty" errorResponse.Message = "W1R3: Password can't be empty"
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else { } else {
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved). //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
@ -64,7 +67,9 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
defer cancel() defer cancel()
if err != nil { if err != nil {
errorResponse.Message = "W1R3: User " + authRequest.UserName + " not found."
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
//compare password from request to stored password in database //compare password from request to stored password in database
@ -72,13 +77,18 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
//TODO: Consider a way of hashing the password client side before sending, or using certificates //TODO: Consider a way of hashing the password client side before sending, or using certificates
err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)) err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
if err != nil { if err != nil {
errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: Wrong Password.",
}
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} else { } else {
//Create a new JWT for the node //Create a new JWT for the node
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.IsAdmin) tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.IsAdmin)
if tokenString == "" { if tokenString == "" {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
var successResponse = models.SuccessResponse{ var successResponse = models.SuccessResponse{
@ -94,6 +104,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
if jsonError != nil { if jsonError != nil {
returnErrorResponse(response, request, errorResponse) returnErrorResponse(response, request, errorResponse)
return
} }
response.Header().Set("Content-Type", "application/json") response.Header().Set("Content-Type", "application/json")
response.Write(successJSONResponse) response.Write(successJSONResponse)
@ -134,6 +145,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.", Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
//This checks if //This checks if
@ -147,6 +159,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.", Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
isAuthorized := username != "" isAuthorized := username != ""
@ -156,6 +169,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.", Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} else { } else {
//If authorized, this function passes along it's request and output to the appropriate route function. //If authorized, this function passes along it's request and output to the appropriate route function.
next.ServeHTTP(w, r) next.ServeHTTP(w, r)