| 60 | } |
| 61 | |
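// ServeHTTP authenticates the request with an API access token, if one is
// supplied, and then passes the request to next.
//
// The token is read from the Authorization header, which must start with
// bearerPrefix, or, when that header is empty, from the accessTokenParam form
// value. A token that cannot be parsed, names an API key with no known secret,
// or fails verification is rejected with 401 Unauthorized. On success the
// verified grants, the API key and the token expiry (zero when the claims carry
// none) are stored in the request context under grantsKey{}.
//
// A request that carries no token at all is not rejected here: it reaches next
// without a grantsKey{} value in its context, so authorization has to be
// enforced by whatever reads that value downstream.
func (m *APIKeyAuthMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	// The two validate endpoints answer cross-origin requests from any origin.
	// The header is set before authentication, so it is also present on 401s.
	if r.URL != nil && (r.URL.Path == "/rtc/validate" || r.URL.Path == "/rtc/v1/validate") {
		w.Header().Set("Access-Control-Allow-Origin", "*")
	}

	authHeader := r.Header.Get(authorizationHeader)
	var authToken string

	if authHeader != "" {
		// The prefix match is case-sensitive; any other scheme is refused
		// rather than falling back to the form value.
		if !strings.HasPrefix(authHeader, bearerPrefix) {
			HandleError(w, r, http.StatusUnauthorized, ErrMissingAuthorization)
			return
		}

		authToken = authHeader[len(bearerPrefix):]
	} else {
		// No Authorization header: fall back to the form value, which
		// r.FormValue takes from the URL query or a form-encoded body.
		// A token carried in the query string can end up in access logs and
		// proxy logs, so the header is the preferred transport.
		authToken = r.FormValue(accessTokenParam)
	}

	if authToken != "" {
		v, err := auth.ParseAPIToken(authToken)
		if err != nil {
			HandleError(w, r, http.StatusUnauthorized, ErrInvalidAuthorizationToken)
			return
		}

		secret := m.provider.GetSecret(v.APIKey())
		if secret == "" {
			// NOTE(review): v.APIKey() comes from a token that has not been
			// verified yet and is echoed into the error. It is a key identifier,
			// not the secret, but confirm how HandleError encodes the message and
			// whether telling "unknown key" apart from "bad signature" is
			// acceptable to expose to callers.
			HandleError(w, r, http.StatusUnauthorized, errors.New("invalid API key: "+v.APIKey()))
			return
		}

		claims, grants, err := v.Verify(secret)
		if err != nil {
			// The raw token is deliberately left out of the error: it is a
			// bearer credential, and a token rejected now (for example one that
			// is not yet valid) may still be usable later. Only the verifier's
			// reason is reported.
			HandleError(w, r, http.StatusUnauthorized, errors.New("invalid token, error: "+err.Error()))
			return
		}

		// expiresAt stays the zero time when the token has no expiry claim.
		var expiresAt time.Time
		if claims != nil && claims.ExpiresAt != nil {
			expiresAt = claims.ExpiresAt.Time
		}

		// Attach the verified grants to the request context for downstream handlers.
		ctx := r.Context()
		r = r.WithContext(context.WithValue(ctx, grantsKey{}, &grantsValue{
			claims:    grants,
			apiKey:    v.APIKey(),
			expiresAt: expiresAt,
		}))
	}

	next.ServeHTTP(w, r)
}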
| 117 | |
| 118 | func WithAPIKey(ctx context.Context, grants *auth.ClaimGrants, apiKey string) context.Context { |
| 119 | return context.WithValue(ctx, grantsKey{}, &grantsValue{ |