(next http.Handler)
| 37 | } |
| 38 | |
| 39 | func adminPrivilegeChecker(next http.Handler) http.Handler { |
| 40 | return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 41 | if config.GetConfig().TLSConfig == nil || !config.GetConfig().VerifyCertificate { |
| 42 | // http mode or no certificate verification required |
| 43 | next.ServeHTTP(rw, r) |
| 44 | return |
| 45 | } |
| 46 | |
| 47 | if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 { |
| 48 | cert := r.TLS.PeerCertificates[0] |
| 49 | |
| 50 | for _, privilegedCert := range config.GetConfig().AdminCertificates { |
| 51 | if cert.Equal(privilegedCert) { |
| 52 | next.ServeHTTP(rw, r) |
| 53 | return |
| 54 | } |
| 55 | } |
| 56 | } |
| 57 | |
| 58 | // forbidden |
| 59 | sendResponse(http.StatusForbidden, false, nil, nil, rw) |
| 60 | }) |
| 61 | } |
| 62 | |
| 63 | // adminAPI defines admin features such as database create/drop. |
| 64 | type adminAPI struct{} |
nothing calls this directly
no test coverage detected