(req *http.Request)
| 891 | } |
| 892 | |
| 893 | func (rp *reverseProxy) getScope(req *http.Request) (*scope, int, error) { |
| 894 | name, password := getAuth(req) |
| 895 | sessionId := getSessionId(req) |
| 896 | sessionTimeout := getSessionTimeout(req) |
| 897 | var ( |
| 898 | u *user |
| 899 | c *cluster |
| 900 | cu *clusterUser |
| 901 | ) |
| 902 | |
| 903 | found, u, c, cu := rp.getUser(name, password) |
| 904 | if !found { |
| 905 | return nil, http.StatusUnauthorized, fmt.Errorf("invalid username or password for user %q", name) |
| 906 | } |
| 907 | if u.denyHTTP && req.TLS == nil { |
| 908 | return nil, http.StatusForbidden, fmt.Errorf("user %q is not allowed to access via http", u.name) |
| 909 | } |
| 910 | if u.denyHTTPS && req.TLS != nil { |
| 911 | return nil, http.StatusForbidden, fmt.Errorf("user %q is not allowed to access via https", u.name) |
| 912 | } |
| 913 | if !u.allowedNetworks.Contains(req.RemoteAddr) { |
| 914 | return nil, http.StatusForbidden, fmt.Errorf("user %q is not allowed to access", u.name) |
| 915 | } |
| 916 | if !cu.allowedNetworks.Contains(req.RemoteAddr) { |
| 917 | return nil, http.StatusForbidden, fmt.Errorf("cluster user %q is not allowed to access", cu.name) |
| 918 | } |
| 919 | |
| 920 | s := newScope(req, u, c, cu, sessionId, sessionTimeout) |
| 921 | return s, 0, nil |
| 922 | } |
no test coverage detected