author | Luke Granger-Brown <git@lukegb.com> | 2020-06-18 19:31:28 +0100 |
---|---|---|
committer | Michael Muré <batolettre@gmail.com> | 2020-06-27 22:58:22 +0200 |
commit | 766aff2b2f9db339d7c42321fe6cd37309631be3 (patch) | |
tree | 32f8f2f58e58ec7b13ee93af0374038384d5ed50 /commands/webui.go | |
parent | 8a38897f79876b9372715150795b9da570af5a86 (diff) | |
Change graphql Go handlers to pluck identity out of context instead.
Diffstat (limited to 'commands/webui.go')
-rw-r--r-- | commands/webui.go | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/commands/webui.go b/commands/webui.go
index e1f592df..24bdeced 100644
--- a/commands/webui.go
+++ b/commands/webui.go
@@ -19,7 +19,6 @@ import (
 "github.com/spf13/cobra"
 "github.com/MichaelMure/git-bug/graphql"
- "github.com/MichaelMure/git-bug/graphql/config"
 "github.com/MichaelMure/git-bug/identity"
 "github.com/MichaelMure/git-bug/repository"
 "github.com/MichaelMure/git-bug/util/git"
@@ -35,6 +34,15 @@ var (
 const webUIOpenConfigKey = "git-bug.webui.open"
+func authMiddleware(repo repository.RepoCommon, id *identity.Identity) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ ctx := identity.AttachToContext(r.Context(), repo, id)
+ next.ServeHTTP(w, r.WithContext(ctx))
+ })
+ }
+}
+
 func runWebUI(cmd *cobra.Command, args []string) error {
 if webUIPort == 0 {
 var err error
@@ -44,9 +52,12 @@ func runWebUI(cmd *cobra.Command, args []string) error {
 }
 }
+ var id *identity.Identity
 if !webUIReadOnly {
 // Verify that we have an identity.
- if _, err := identity.GetUserIdentity(repo); err != nil {
+ var err error
+ id, err = identity.GetUserIdentity(repo)
+ if err != nil {
 return err
 }
 }
@@ -56,7 +67,7 @@ func runWebUI(cmd *cobra.Command, args []string) error {
 router := mux.NewRouter()
- graphqlHandler, err := graphql.NewHandler(repo, config.Config{ReadOnly: webUIReadOnly})
+ graphqlHandler, err := graphql.NewHandler(repo)
 if err != nil {
 return err
 }
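Review bot: `authMiddleware` does not authenticate anything: the added function attaches the single identity loaded at startup to every request without inspecting the request, and it has no doc comment saying so. In read-only mode `id` stays nil (the `var id *identity.Identity` hunk in `runWebUI`), yet a nil pointer is still stored in the context; if `identity.ForContext` returns an interface type rather than `*identity.Identity` (not visible in this file), the `== nil` check in `gitUploadFileHandler.ServeHTTP` would see a typed nil as non-nil. I would skip the attach when there is no identity, `if id == nil { next.ServeHTTP(w, r); return }`, and add a comment such as `// authMiddleware attaches the locally configured identity (nil in read-only mode) to each request; it performs no per-request authentication, so any client that can reach the listener acts as that user.`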
@@ -70,10 +81,9 @@ func runWebUI(cmd *cobra.Command, args []string) error {
 router.Path("/playground").Handler(playground.Handler("git-bug", "/graphql"))
 router.Path("/graphql").Handler(graphqlHandler)
 router.Path("/gitfile/{hash}").Handler(newGitFileHandler(repo))
- if !webUIReadOnly {
- router.Path("/upload").Methods("POST").Handler(newGitUploadFileHandler(repo))
- }
+ router.Path("/upload").Methods("POST").Handler(newGitUploadFileHandler(repo))
 router.PathPrefix("/").Handler(http.FileServer(assetsHandler))
+ router.Use(authMiddleware(repo, id))
 srv := &http.Server{
 Addr: addr,
@@ -200,6 +210,11 @@ func newGitUploadFileHandler(repo repository.Repo) http.Handler {
 }
 func (gufh *gitUploadFileHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+ if identity.ForContext(r.Context(), gufh.repo) == nil {
+ http.Error(rw, fmt.Sprintf("read-only mode or not logged in"), http.StatusForbidden)
+ return
+ }
+
 // 100MB (github limit)
 var maxUploadSize int64 = 100 * 1000 * 1000
 r.Body = http.MaxBytesReader(rw, r.Body, maxUploadSize) |
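Review bot: With the `if !webUIReadOnly` guard removed, `/upload` is routed in read-only mode as well, so its protection now rests entirely on the identity check inside `gitUploadFileHandler.ServeHTTP` and on `router.Use(authMiddleware(repo, id))` being installed. gorilla/mux applies router middleware when a route matches, so calling `Use` after the routes works, but moving it directly under `router := mux.NewRouter()` would make it obvious that no route is served without it. A comment on the route would help the next reader: `// always routed; the handler answers 403 when no identity is attached (read-only mode)`. `runWebUI` starts and ends outside this hunk.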
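Review bot: The `fmt.Sprintf` around the constant message in the added `http.Error` call has no verbs or arguments and can be dropped: `http.Error(rw, "read-only mode or not logged in", http.StatusForbidden)`. The check sits before `http.MaxBytesReader`, so a rejected request body is never read, which is the right order to keep. A short comment above the `if`, for example `// a nil identity means read-only mode or no configured user; refuse writes`, would document why 403 is returned. The body of `ServeHTTP` continues outside the hunk.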