Create public namespaces by adding public=true when registering
breel
parent
c0fc3530fd
commit
0e16340fd2
18
view/auth.go
18
view/auth.go
|
|
@ -36,12 +36,30 @@ func Auth(g storage.Graph, w http.ResponseWriter, r *http.Request) error {
|
|||
}
|
||||
|
||||
func auth(g storage.Graph, w http.ResponseWriter, r *http.Request) error {
|
||||
if isPublic(g, r) {
|
||||
return nil
|
||||
}
|
||||
if !hasAuth(r) {
|
||||
return requestAuth(g, w, r)
|
||||
}
|
||||
return checkAuth(g, w, r)
|
||||
}
|
||||
|
||||
func isPublic(g storage.Graph, r *http.Request) bool {
|
||||
namespace, err := getAuthNamespace(r)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
ones, err := g.List(r.Context(), namespace, UserKey)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
if len(ones) == 0 {
|
||||
return false
|
||||
}
|
||||
return ones[0].Title == ""
|
||||
}
|
||||
|
||||
func hasAuth(r *http.Request) bool {
|
||||
_, err := r.Cookie(AuthKey)
|
||||
return err == nil
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ func registerPost(g storage.Graph, w http.ResponseWriter, r *http.Request) error
|
|||
return nil
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
if len(password) == 0 {
|
||||
if len(password) == 0 && r.URL.Query().Get("public") == "" {
|
||||
http.Error(w, `{"error": "password required"}`, http.StatusBadRequest)
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,6 +59,25 @@ func TestRegister(t *testing.T) {
|
|||
}
|
||||
})
|
||||
|
||||
t.Run("register: public", func(t *testing.T) {
|
||||
ns := uuid.New().String()
|
||||
|
||||
r := httptest.NewRequest(http.MethodPost, "/register?public=true&namespace="+ns, strings.NewReader(""))
|
||||
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
w := httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, r)
|
||||
if w.Code != http.StatusOK {
|
||||
t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
|
||||
}
|
||||
|
||||
r = httptest.NewRequest(http.MethodTrace, "/who?namespace="+ns, nil)
|
||||
w = httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, r)
|
||||
if w.Code != http.StatusOK {
|
||||
t.Fatalf("%d: %s", w.Code, w.Body.Bytes())
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("register", func(t *testing.T) {
|
||||
ns := uuid.New().String()
|
||||
|
||||
|
|
|
|||
|
|
@ -562,7 +562,8 @@ func TestWho(t *testing.T) {
|
|||
t.Fatalf("GET put != expected: want:\n%+v, got \n%+v", want, o)
|
||||
}
|
||||
|
||||
r = httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/who?namespace=col&id=%s&connection=%s", want.Name, want.Peers()[0]), nil)
|
||||
forget := want.Peers()[0]
|
||||
r = httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/who?namespace=col&id=%s&connection=%s", want.Name, forget), nil)
|
||||
w = httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, r)
|
||||
if w.Code != http.StatusOK {
|
||||
|
|
@ -579,11 +580,8 @@ func TestWho(t *testing.T) {
|
|||
if err := json.Unmarshal(w.Body.Bytes(), &o); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if _, ok := o.Connections[want.Peers()[0]]; ok {
|
||||
t.Fatal(want.Peers()[0], o.Connections)
|
||||
}
|
||||
if len(o.Connections) != len(put.Connections)-1 {
|
||||
t.Fatal(o.Connections)
|
||||
t.Fatalf("should've deleted %q but got %+v", forget, o.Connections)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue