authOnlyAuthorize handles special authorization logic that is only done on the AuthOnly endpoint for use with Nginx subrequest architectures.
(req *http.Request, s *sessionsapi.SessionState)
| 1178 | // authOnlyAuthorize handles special authorization logic that is only done |
| 1179 | // on the AuthOnly endpoint for use with Nginx subrequest architectures. |
| 1180 | func authOnlyAuthorize(req *http.Request, s *sessionsapi.SessionState) bool { |
| 1181 | // Allow requests previously allowed to be bypassed |
| 1182 | if s == nil { |
| 1183 | return true |
| 1184 | } |
| 1185 | |
| 1186 | constraints := []func(*http.Request, *sessionsapi.SessionState) bool{ |
| 1187 | checkAllowedGroups, |
| 1188 | checkAllowedEmailDomains, |
| 1189 | checkAllowedEmails, |
| 1190 | } |
| 1191 | |
| 1192 | for _, constraint := range constraints { |
| 1193 | if !constraint(req, s) { |
| 1194 | return false |
| 1195 | } |
| 1196 | } |
| 1197 | |
| 1198 | return true |
| 1199 | } |
| 1200 | |
| 1201 | // extractAllowedEntities aims to extract and split allowed entities linked by a key, |
| 1202 | // from an HTTP request query. Output is a map[string]struct{} where keys are valuable, |