| Index: server/settings/admin/handlers.go
|
| diff --git a/server/settings/admin/handlers.go b/server/settings/admin/handlers.go
|
| index 04ecc3d607155ec429eaad5cb50ab387f4d179ba..5c46d3bad84e428776fd9ee5ef0228009f4e5b40 100644
|
| --- a/server/settings/admin/handlers.go
|
| +++ b/server/settings/admin/handlers.go
|
| @@ -10,7 +10,6 @@ import (
|
| "net"
|
| "net/http"
|
|
|
| - "github.com/julienschmidt/httprouter"
|
| "golang.org/x/net/context"
|
|
|
| "github.com/luci/luci-go/common/errors"
|
| @@ -18,7 +17,7 @@ import (
|
| "github.com/luci/luci-go/server/auth"
|
| "github.com/luci/luci-go/server/auth/identity"
|
| "github.com/luci/luci-go/server/auth/xsrf"
|
| - "github.com/luci/luci-go/server/middleware"
|
| + "github.com/luci/luci-go/server/router"
|
| "github.com/luci/luci-go/server/templates"
|
|
|
| "github.com/luci/luci-go/server/settings/admin/internal/assets"
|
| @@ -30,7 +29,7 @@ import (
|
| // (regardless of what's installed in the base context). It must be able to
|
| // distinguish admins (aka superusers) from non-admins. It is needed because
|
| // settings UI must be usable even before auth system is configured.
|
| -func InstallHandlers(r *httprouter.Router, base middleware.Base, adminAuth auth.Method) {
|
| +func InstallHandlers(r *router.Router, handlers []router.Handler, adminAuth auth.Method) {
|
| tmpl := &templates.Bundle{
|
| Loader: templates.AssetsLoader(assets.Assets()),
|
| DefaultTemplate: "base",
|
| @@ -57,19 +56,21 @@ func InstallHandlers(r *httprouter.Router, base middleware.Base, adminAuth auth.
|
| },
|
| }
|
|
|
| - wrap := func(h middleware.Handler) httprouter.Handle {
|
| - h = adminOnly(h)
|
| - h = auth.WithDB(h, func(c context.Context) (auth.DB, error) {
|
| - return adminDB, nil
|
| - })
|
| - h = auth.Use(h, auth.Authenticator{adminAuth})
|
| - h = templates.WithTemplates(h, tmpl)
|
| - return base(h)
|
| + wrap := func() []router.Handler {
|
| + h := append(
|
| + handlers,
|
| + templates.WithTemplates(tmpl),
|
| + auth.Use(auth.Authenticator{adminAuth}),
|
| + auth.WithDB(func(c context.Context) (auth.DB, error) {
|
| + return adminDB, nil
|
| + }),
|
| + )
|
| + return append(h, adminOnly()...)
|
| }
|
|
|
| - r.GET("/admin/settings", wrap(indexPage))
|
| - r.GET("/admin/settings/:SettingsKey", wrap(settingsPageGET))
|
| - r.POST("/admin/settings/:SettingsKey", wrap(xsrf.WithTokenCheck(settingsPagePOST)))
|
| + r.GET("/admin/settings", append(wrap(), indexPage)...)
|
| + r.GET("/admin/settings/:SettingsKey", append(wrap(), settingsPageGET)...)
|
| + r.POST("/admin/settings/:SettingsKey", append(wrap(), xsrf.WithTokenCheck(), settingsPagePOST)...)
|
| }
|
|
|
| // replyError sends HTML error page with status 500 on transient errors or 400
|
| @@ -108,13 +109,16 @@ func (adminBypassDB) IsInWhitelist(c context.Context, ip net.IP, whitelist strin
|
| // adminOnly is middleware that ensures authenticated user is local site admin
|
| // aka superuser. On GAE it grants access only to users that have Editor or
|
| // Owner roles in the Cloud Project.
|
| -func adminOnly(h middleware.Handler) middleware.Handler {
|
| - return auth.Autologin(func(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
| - if !auth.CurrentUser(c).Superuser {
|
| - rw.WriteHeader(http.StatusForbidden)
|
| - templates.MustRender(c, rw, "pages/access_denied.html", nil)
|
| - return
|
| - }
|
| - h(c, rw, r, p)
|
| - })
|
| +func adminOnly() []router.Handler {
|
| + return []router.Handler{
|
| + auth.Autologin(),
|
| + func(c *router.Context) {
|
| + if !auth.CurrentUser(c.Context).Superuser {
|
| + c.Writer.WriteHeader(http.StatusForbidden)
|
| + templates.MustRender(c.Context, c.Writer, "pages/access_denied.html", nil)
|
| + c.Abort()
|
| + return
|
| + }
|
| + },
|
| + }
|
| }
|
|
|
Chromium Code Reviews
Issue 2043423004:
Make HTTP middleware easier to use (Closed)
Base URL: https://github.com/luci/luci-go@master