mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
22e781eced
* chore: add /v2 to import module path go mod requires semantic versioning with versions greater than 1.x This was a mechanical update by running: ``` go install github.com/marwan-at-work/mod/cmd/mod@latest mod upgrade ``` Migrate generated files to import /v2 * Fix gen
67 lines
2.1 KiB
Go
67 lines
2.1 KiB
Go
package httpmw
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/coder/coder/v2/coderd/httpapi"
|
|
"github.com/coder/coder/v2/codersdk"
|
|
)
|
|
|
|
// RequireAPIKeyOrWorkspaceProxyAuth is middleware that should be inserted after
|
|
// optional ExtractAPIKey and ExtractWorkspaceProxy middlewares to ensure one of
|
|
// the two authentication methods is provided.
|
|
//
|
|
// If both are provided, an error is returned to avoid misuse.
|
|
func RequireAPIKeyOrWorkspaceProxyAuth() func(http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
_, hasAPIKey := APIKeyOptional(r)
|
|
_, hasWorkspaceProxy := WorkspaceProxyOptional(r)
|
|
|
|
if hasAPIKey && hasWorkspaceProxy {
|
|
httpapi.Write(r.Context(), w, http.StatusBadRequest, codersdk.Response{
|
|
Message: "API key and external proxy authentication provided, but only one is allowed",
|
|
})
|
|
return
|
|
}
|
|
if !hasAPIKey && !hasWorkspaceProxy {
|
|
httpapi.Write(r.Context(), w, http.StatusUnauthorized, codersdk.Response{
|
|
Message: "API key or external proxy authentication required, but none provided",
|
|
})
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|
|
|
|
// RequireAPIKeyOrWorkspaceAgent is middleware that should be inserted after
|
|
// optional ExtractAPIKey and ExtractWorkspaceAgent middlewares to ensure one of
|
|
// the two is provided.
|
|
//
|
|
// If both are provided an error is returned to avoid misuse.
|
|
func RequireAPIKeyOrWorkspaceAgent() func(http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
_, hasAPIKey := APIKeyOptional(r)
|
|
_, hasWorkspaceAgent := WorkspaceAgentOptional(r)
|
|
|
|
if hasAPIKey && hasWorkspaceAgent {
|
|
httpapi.Write(r.Context(), w, http.StatusBadRequest, codersdk.Response{
|
|
Message: "API key and workspace agent token provided, but only one is allowed",
|
|
})
|
|
return
|
|
}
|
|
if !hasAPIKey && !hasWorkspaceAgent {
|
|
httpapi.Write(r.Context(), w, http.StatusUnauthorized, codersdk.Response{
|
|
Message: "API key or workspace agent token required, but none provided",
|
|
})
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|