Commit 89a8810c authored by Christian Pointner's avatar Christian Pointner

auth session can now be read-only

parent dab5b166
...@@ -44,7 +44,7 @@ func (api *API) ListShows() http.Handler { ...@@ -44,7 +44,7 @@ func (api *API) ListShows() http.Handler {
showsMap[showName] = store.Show{Name: showName} showsMap[showName] = store.Show{Name: showName}
} }
for _, show := range storeShows { for _, show := range storeShows {
if _, ok := showsMap[show.Name]; ok || s.IsAdmin { if _, ok := showsMap[show.Name]; ok || s.AllShows {
showsMap[show.Name] = show showsMap[show.Name] = show
} }
} }
......
...@@ -102,7 +102,16 @@ func getAuthSession(r *http.Request) *auth.Session { ...@@ -102,7 +102,16 @@ func getAuthSession(r *http.Request) *auth.Session {
func authorizeRequest(w http.ResponseWriter, r *http.Request, showID string) (bool, *auth.Session) { func authorizeRequest(w http.ResponseWriter, r *http.Request, showID string) (bool, *auth.Session) {
s := getAuthSession(r) s := getAuthSession(r)
if s.IsAdmin { if s.ReadOnly {
switch r.Method {
case http.MethodGet:
break
default:
sendWebResponse(w, http.StatusForbidden, ErrorResponse{Error: "this session is read-only"})
return false, s
}
}
if s.AllShows {
return true, s return true, s
} }
for _, show := range s.Shows { for _, show := range s.Shows {
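Review bot: In authorizeRequest the read-only gate lets only `http.MethodGet` through, so a HEAD request on a read-only session gets a 403 even though it changes nothing. The `case http.MethodGet: break` arm is a no-op, and the check reads more clearly as one condition: `if s.ReadOnly && r.Method != http.MethodGet && r.Method != http.MethodHead {`. The gate is purely method-based, so it only holds if every GET handler is free of side effects and every mutating handler calls authorizeRequest; neither is visible in this hunk. A comment above the check would record that contract, e.g. `// read-only sessions may only use safe methods; GET handlers must not modify state`. The function body continues past the end of the hunk.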
......
...@@ -72,7 +72,8 @@ type Session struct { ...@@ -72,7 +72,8 @@ type Session struct {
State SessionState `json:"state"` State SessionState `json:"state"`
Expires time.Time `json:"expires"` Expires time.Time `json:"expires"`
Username string `json:"username"` Username string `json:"username"`
IsAdmin bool `json:"is-admin"` ReadOnly bool `json:"readonly"`
AllShows bool `json:"all-shows"`
Shows []string `json:"shows"` Shows []string `json:"shows"`
subscribe chan struct{} subscribe chan struct{}
...@@ -92,8 +93,9 @@ func NewSession() (s *Session, err error) { ...@@ -92,8 +93,9 @@ func NewSession() (s *Session, err error) {
} }
var ( var (
anonAllowNone = &Session{Username: "anonymous", IsAdmin: false, Shows: []string{}} anonAllowNone = &Session{Username: "anonymous", ReadOnly: false, AllShows: false, Shows: []string{}}
anonAllowAll = &Session{Username: "anonymous", IsAdmin: true, Shows: []string{}} anonAllowAll = &Session{Username: "anonymous", ReadOnly: false, AllShows: true, Shows: []string{}}
anonAllowAllRO = &Session{Username: "anonymous", ReadOnly: true, AllShows: true, Shows: []string{}}
) )
func (s *Session) Expired() bool { func (s *Session) Expired() bool {
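Review bot: The zero value of the new `ReadOnly` field is the more privileged state, so any Session built without setting it, including one decoded from JSON that lacks `readonly`, is writable. Whether NewSession or the login path sets it explicitly is not visible in these hunks. The two new fields have no doc comments; I would add `// ReadOnly restricts the session to non-modifying requests; the zero value allows writes.` and `// AllShows grants access to every show regardless of Shows.` Replacing the JSON key `is-admin` with `all-shows` also changes the serialized session, so any client that still reads `is-admin` will find it missing.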
......
...@@ -29,15 +29,15 @@ importer: ...@@ -29,15 +29,15 @@ importer:
normalizer: ffmpeg normalizer: ffmpeg
### uncomment to enable authentication ### uncomment to enable authentication
auth: # auth:
sessions: # sessions:
## defaults to 24h # ## defaults to 24h
max-age: 12h # max-age: 12h
oidc: # oidc:
issuer-url: http://localhost:8000/openid # issuer-url: http://localhost:8000/openid
client-id: ${OIDC_CLIENT_ID} # client-id: ${OIDC_CLIENT_ID}
client-secret: ${OIDC_CLIENT_SECRET} # client-secret: ${OIDC_CLIENT_SECRET}
callback-url: http://localhost:8080/auth/oidc/callback # callback-url: http://localhost:8080/auth/oidc/callback
### uncomment to enable CORS headers ### uncomment to enable CORS headers
### see: https://godoc.org/github.com/rs/cors#Options ### see: https://godoc.org/github.com/rs/cors#Options
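Review bot: With the `auth:` block commented out, the sample configuration presumably starts the service without authentication, and the file does not say what an anonymous caller may do in that mode. The commit defines three anonymous sessions (`anonAllowNone`, `anonAllowAll`, `anonAllowAllRO`), but which one applies when auth is disabled is not visible here. I would extend the existing hint with a line such as `### without this block requests are handled as "anonymous": <state the access level here>`, so that an operator copying the sample does not expose a writable API unintentionally.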
......