author | Niall Sheridan <nsheridan@gmail.com> | 2018-08-09 20:47:50 +0100 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2018-08-09 23:55:14 +0100 |
commit | d21fac6f190c1079ca247658530d465ad5867ff5 (patch) | |
tree | 568d5095602809c7edae3ff4272a68bfb015fe45 /server/web.go | |
parent | 347c11ec42264c579eb3f19494e4f75ab8bb8f0d (diff) |
Only request a reason from the client if the server requires it
Diffstat (limited to 'server/web.go')
-rw-r--r-- | server/web.go | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/server/web.go b/server/web.go
index 5677429..e238150 100644
--- a/server/web.go
+++ b/server/web.go
@@ -33,8 +33,9 @@ import (
 // appContext contains local context - cookiestore, authsession etc.
 type appContext struct {
- cookiestore *sessions.CookieStore
- authsession *auth.Session
+ cookiestore *sessions.CookieStore
+ authsession *auth.Session
+ requireReason bool
 }
 // getAuthTokenCookie retrieves a cookie from the request.
@@ -141,6 +142,12 @@ func signHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, er
 if err != nil {
 return http.StatusBadRequest, errors.Wrap(err, "unable to extract key from request")
 }
+
+ if a.requireReason && req.Message == "" {
+ w.Header().Add("X-Need-Reason", "required")
+ return http.StatusForbidden, errors.New(http.StatusText(http.StatusForbidden))
+ }
+
 username := authprovider.Username(token)
 authprovider.Revoke(token) // We don't need this anymore.
 cert, err := keysigner.SignUserKey(req, username)
@@ -266,7 +273,6 @@ type appHandler struct {
 func (ah appHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 status, err := ah.h(ah.appContext, w, r)
 if err != nil {
- log.Printf("HTTP %d: %q", status, err)
 http.Error(w, err.Error(), status)
 }
 }
@@ -283,7 +289,8 @@ func newState() string {
 func runHTTPServer(conf *config.Server, l net.Listener) {
 var err error
 ctx := &appContext{
- cookiestore: sessions.NewCookieStore([]byte(conf.CookieSecret)),
+ cookiestore: sessions.NewCookieStore([]byte(conf.CookieSecret)),
+ requireReason: conf.RequireReason,
 }
 ctx.cookiestore.Options = &sessions.Options{
 MaxAge: 900,
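Review bot: The new guard in signHandler (hunk at -141) treats only the exact empty string as a missing reason, so a message made of spaces satisfies `requireReason`. If the reason is meant to be a usable audit record, compare the trimmed value, e.g. `if a.requireReason && strings.TrimSpace(req.Message) == "" {`; this needs `strings` in the import block, which the hunk does not show. The refusal also leaves no error text on the server side as far as the visible lines go, because the same commit removes the `log.Printf` in `appHandler.ServeHTTP` (hunk at -266) and only the access log written through `handlers.LoggingHandler` remains. A one-line log of the denial before the `return` would keep policy rejections visible to operators. signHandler starts and ends outside this hunk, so how `req.Message` is recorded after signing cannot be checked here.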
@@ -313,6 +320,7 @@ func runHTTPServer(conf *config.Server, l net.Listener) {
 r.Methods("GET").Path("/admin/certs.json").Handler(appHandler{ctx, listCertsJSONHandler})
 r.Methods("GET").Path("/metrics").Handler(promhttp.Handler())
 r.Methods("GET").Path("/healthcheck").HandlerFunc(healthcheck)
+
 box := packr.NewBox("static")
 r.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(box)))
 h := handlers.LoggingHandler(logfile, r) |