package middleware import ( "net/http" "github.com/drone/drone/server/session" "github.com/goji/context" "github.com/zenazn/goji/web" ) // SetUser is a middleware function that retrieves // the currently authenticated user from the request // and stores in the context. func SetUser(c *web.C, h http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { var ctx = context.FromC(*c) var user = session.GetUser(ctx, r) if user != nil && user.ID != 0 { UserToC(c, user) } h.ServeHTTP(w, r) } return http.HandlerFunc(fn) } // RequireUser is a middleware function that verifies // there is a currently authenticated user stored in // the context. func RequireUser(c *web.C, h http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { if ToUser(c) == nil { w.WriteHeader(http.StatusUnauthorized) return } h.ServeHTTP(w, r) } return http.HandlerFunc(fn) } // RequireUserAdmin is a middleware function that verifies // there is a currently authenticated user stored in // the context with ADMIN privilege. func RequireUserAdmin(c *web.C, h http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { var user = ToUser(c) switch { case user == nil: w.WriteHeader(http.StatusUnauthorized) return case user != nil && !user.Admin: w.WriteHeader(http.StatusForbidden) return } h.ServeHTTP(w, r) } return http.HandlerFunc(fn) }