Implement authorization plug
This commit is contained in:
parent
7e16cd9ae0
commit
9a6b7eb518
@ -0,0 +1,54 @@
|
||||||
|
defmodule HostasWeb.Plugs.Auth do
|
||||||
|
import Plug.Conn
|
||||||
|
use HostasWeb, :controller
|
||||||
|
import Ecto.Query, only: [from: 2]
|
||||||
|
|
||||||
|
alias Hostas.Repo
|
||||||
|
alias Hostas.Denizen
|
||||||
|
alias Hostas.Token
|
||||||
|
|
||||||
|
def init(default), do: default
|
||||||
|
|
||||||
|
def call(conn, _default) do
|
||||||
|
case get_req_header(conn, "authorization") |> List.first() do
|
||||||
|
nil -> conn
|
||||||
|
|> put_status(401)
|
||||||
|
|> json(%{"error" => "No API key provided"})
|
||||||
|
|> halt()
|
||||||
|
header_value ->
|
||||||
|
case header_value |> String.split() do
|
||||||
|
[method, key] ->
|
||||||
|
if method == "Bearer" do
|
||||||
|
case Token.get(key) do
|
||||||
|
{:ok, struct} ->
|
||||||
|
denizen = Repo.one!(from d in Denizen, where: d.id == ^struct.denizen_id)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> assign(:token, struct)
|
||||||
|
|> assign(:denizen, denizen)
|
||||||
|
{:error, :expired} ->
|
||||||
|
conn
|
||||||
|
|> put_status(401)
|
||||||
|
|> json(%{"error" => "Token expired"})
|
||||||
|
|> halt()
|
||||||
|
{:error, :unknown} ->
|
||||||
|
conn
|
||||||
|
|> put_status(401)
|
||||||
|
|> json(%{"error" => "API key not found"})
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
|> put_status(401)
|
||||||
|
|> json(%{"error" => "Unknown authorization method"})
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
_ ->
|
||||||
|
conn
|
||||||
|
|> put_status(422)
|
||||||
|
|> json(%{"error" => "Malformed Authorization header"})
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
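Review bot: A token whose denizen row has since been removed makes `Repo.one!` raise in the `{:ok, struct}` branch, so an orphaned key produces a 500 instead of the 401 every other failure path returns; `Repo.get(Denizen, struct.denizen_id)` with a `nil` clause keeps that case inside the 401 path (and the `from/2` import then becomes unused). The inner `case Token.get(key)` has no clause for an `{:error, reason}` other than `:expired` and `:unknown`, which would surface as a `CaseClauseError`; whether `Token.get/1` can return other reasons is not visible here, but a final `{:error, _}` clause costs nothing. The four identical `put_status |> json |> halt` chains would read better as one private `deny/3`, and since `use HostasWeb, :controller` presumably pulls the whole controller surface into a plug, `import Phoenix.Controller, only: [json: 2]` is the narrower choice. Note also that HTTP auth-scheme names are case-insensitive, so `method == "Bearer"` rejects `bearer`; comparing `String.downcase(method)` against `"bearer"` fixes that if clients vary.
```elixir
        {:ok, struct} ->
          # Repo.get/2 returns nil when the token's denizen no longer exists,
          # so a dangling row is refused with 401 instead of raising a 500.
          case Repo.get(Denizen, struct.denizen_id) do
            nil -> deny(conn, 401, "API key not found")
            denizen -> conn |> assign(:token, struct) |> assign(:denizen, denizen)
          end

        {:error, :expired} -> deny(conn, 401, "Token expired")
        # catch-all so an unforeseen reason is refused rather than crashing the plug
        {:error, _} -> deny(conn, 401, "API key not found")
# … unchanged: non-Bearer and malformed-header branches (use deny/3 there too) …

  # Short-circuits the pipeline with a JSON error body and the given status.
  defp deny(conn, status, message) do
    conn
    |> put_status(status)
    |> json(%{"error" => message})
    |> halt()
  end
```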
@ -1,5 +1,6 @@
|
||||||
defmodule HostasWeb.Router do
|
defmodule HostasWeb.Router do
|
||||||
use HostasWeb, :router
|
use HostasWeb, :router
|
||||||
|
alias HostasWeb.Plugs
|
||||||
|
|
||||||
pipeline :browser do
|
pipeline :browser do
|
||||||
plug :accepts, ["html"]
|
plug :accepts, ["html"]
|
||||||
|
@ -14,6 +15,10 @@ defmodule HostasWeb.Router do
|
||||||
plug :accepts, ["json"]
|
plug :accepts, ["json"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :api_locked do
|
||||||
|
plug Plugs.Auth
|
||||||
|
end
|
||||||
|
|
||||||
scope "/", HostasWeb do
|
scope "/", HostasWeb do
|
||||||
pipe_through :browser
|
pipe_through :browser
|
||||||
|
|
||||||
|
@ -25,6 +30,8 @@ defmodule HostasWeb.Router do
|
||||||
|
|
||||||
# create, verify, renew, revoke
|
# create, verify, renew, revoke
|
||||||
post "/auth/token", Auth.TokenController, :create
|
post "/auth/token", Auth.TokenController, :create
|
||||||
|
|
||||||
|
pipe_through :api_locked
|
||||||
get "/auth/token", Auth.TokenController, :verify
|
get "/auth/token", Auth.TokenController, :verify
|
||||||
delete "/auth/token/:id", Auth.TokenController, :revoke
|
delete "/auth/token/:id", Auth.TokenController, :revoke
|
||||||
get "/auth/token/:id/renew", Auth.TokenController, :renew
|
get "/auth/token/:id/renew", Auth.TokenController, :renew
|
||||||
|
|
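Review bot: The `pipe_through :api_locked` added mid-scope relies on lexical order: only routes declared after it in the same scope pass through `Plugs.Auth`, so `post "/auth/token"` stays open while the three routes below are locked, and any route later inserted above that line is unauthenticated without any signal. A dedicated block such as `scope "/auth", HostasWeb do pipe_through [:api, :api_locked] ... end` makes the boundary explicit and survives reordering; the enclosing scope and its own `pipe_through` start outside this hunk, so the exact pipeline list is a guess. At minimum a comment above the added line, `# every route below this point requires a Bearer token`, records the intent for the next person editing the scope.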