
Unified Diff: server/settings/admin/handlers.go

Issue 2043423004: Make HTTP middleware easier to use (Closed) Base URL: https://github.com/luci/luci-go@master
Patch Set: gaemiddleware: add middleware func for WithProd Created 4 years, 6 months ago
Index: server/settings/admin/handlers.go
diff --git a/server/settings/admin/handlers.go b/server/settings/admin/handlers.go
index 04ecc3d607155ec429eaad5cb50ab387f4d179ba..32a3060516fde88e5fa28a33e99ed4ffe8a38573 100644
--- a/server/settings/admin/handlers.go
+++ b/server/settings/admin/handlers.go
@@ -3,41 +3,40 @@
// that can be found in the LICENSE file.
// Package admin implements HTTP routes for settings UI.
package admin
import (
"html/template"
"net"
"net/http"
- "github.com/julienschmidt/httprouter"
"golang.org/x/net/context"
"github.com/luci/luci-go/common/errors"
"github.com/luci/luci-go/server/auth"
"github.com/luci/luci-go/server/auth/identity"
"github.com/luci/luci-go/server/auth/xsrf"
- "github.com/luci/luci-go/server/middleware"
+ "github.com/luci/luci-go/server/router"
"github.com/luci/luci-go/server/templates"
"github.com/luci/luci-go/server/settings/admin/internal/assets"
)
// InstallHandlers installs HTTP handlers that implement admin UI.
//
// `adminAuth` is the method that will be used to authenticate the access
// (regardless of what's installed in the base context). It must be able to
// distinguish admins (aka superusers) from non-admins. It is needed because
// settings UI must be usable even before auth system is configured.
-func InstallHandlers(r *httprouter.Router, base middleware.Base, adminAuth auth.Method) {
+func InstallHandlers(r *router.Router, base router.MiddlewareChain, adminAuth auth.Method) {
tmpl := &templates.Bundle{
Loader: templates.AssetsLoader(assets.Assets()),
DefaultTemplate: "base",
FuncMap: template.FuncMap{
"includeCSS": func(name string) template.CSS {
return template.CSS(assets.GetAsset(name))
},
},
DefaultArgs: func(c context.Context) (templates.Args, error) {
logoutURL, err := auth.LogoutURL(c, "/")
@@ -50,33 +49,35 @@ func InstallHandlers(r *httprouter.Router, base middleware.Base, adminAuth auth.
}, nil
},
}
adminDB := adminBypassDB{
auth.ErroringDB{
Error: errors.New("admin: unexpected call to auth.DB on admin page"),
},
}
- wrap := func(h middleware.Handler) httprouter.Handle {
- h = adminOnly(h)
- h = auth.WithDB(h, func(c context.Context) (auth.DB, error) {
+ rr := r.Subrouter("/admin/settings")
+ rr.Use(append(
+ base,
+ templates.WithTemplates(tmpl),
+ auth.Use(auth.Authenticator{adminAuth}),
+ auth.WithDB(func(c context.Context) (auth.DB, error) {
return adminDB, nil
- })
- h = auth.Use(h, auth.Authenticator{adminAuth})
- h = templates.WithTemplates(h, tmpl)
- return base(h)
- }
-
- r.GET("/admin/settings", wrap(indexPage))
- r.GET("/admin/settings/:SettingsKey", wrap(settingsPageGET))
- r.POST("/admin/settings/:SettingsKey", wrap(xsrf.WithTokenCheck(settingsPagePOST)))
+ }),
+ auth.Autologin,
+ adminOnly,
+ ))
+
+ rr.GET("", nil, indexPage)
+ rr.GET("/:SettingsKey", nil, settingsPageGET)
+ rr.POST("/:SettingsKey", router.MiddlewareChain{xsrf.WithTokenCheck}, settingsPagePOST)
}
// replyError sends HTML error page with status 500 on transient errors or 400
// on fatal ones.
func replyError(c context.Context, rw http.ResponseWriter, err error) {
if errors.IsTransient(err) {
rw.WriteHeader(http.StatusInternalServerError)
} else {
rw.WriteHeader(http.StatusBadRequest)
}
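Review bot: `append(base, ...)` inside the `rr.Use` call can write into the caller's backing array when `base` has spare capacity, so a second chain appended from the same `base` elsewhere could overwrite the slots that now hold `auth.Use`, `auth.Autologin` and `adminOnly`. `router.MiddlewareChain` is written as a slice literal on the POST route, so ordinary slice aliasing applies; whether `Use` copies its argument is not visible in this hunk. Clipping the capacity forces a fresh array for the admin chain: `rr.Use(append(base[:len(base):len(base)], templates.WithTemplates(tmpl), ...))`. InstallHandlers begins in the previous hunk, and the replyError body at the end of this one continues outside it.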
@@ -101,20 +102,18 @@ func (adminBypassDB) GetWhitelistForIdentity(c context.Context, ident identity.I
return "", nil
}
func (adminBypassDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) {
return false, nil
}
// adminOnly is middleware that ensures authenticated user is local site admin
// aka superuser. On GAE it grants access only to users that have Editor or
// Owner roles in the Cloud Project.
-func adminOnly(h middleware.Handler) middleware.Handler {
- return auth.Autologin(func(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {
- if !auth.CurrentUser(c).Superuser {
- rw.WriteHeader(http.StatusForbidden)
- templates.MustRender(c, rw, "pages/access_denied.html", nil)
- return
- }
- h(c, rw, r, p)
- })
+func adminOnly(c *router.Context, next router.Handler) {
+ if !auth.CurrentUser(c.Context).Superuser {
+ c.Writer.WriteHeader(http.StatusForbidden)
+ templates.MustRender(c.Context, c.Writer, "pages/access_denied.html", nil)
+ return
+ }
+ next(c)
}
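Review bot: The doc comment on adminOnly is now incomplete: the function used to wrap `auth.Autologin` itself, and after this change the `Superuser` check is only meaningful when `auth.Use` and `auth.Autologin` have already run earlier in the chain. That ordering is enforced only by the argument order in InstallHandlers, so a later reorder or reuse of adminOnly on another route would presumably turn the login redirect into a plain 403, or evaluate `auth.CurrentUser` without auth state. I would extend the comment with `// It must be installed after auth.Use and auth.Autologin in the middleware chain.` and add a matching one-line "order matters" comment above the `rr.Use` call.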