fixed middleware file errors

YaleSpinup · May 9, 2023 · f717856 · f717856
1 parent d380704
commit f717856
Showing 1 changed file with 36 additions and 32 deletions.
diff --git a/api/middleware.go b/api/middleware.go
@@ -18,43 +18,47 @@ package api
 
 import (
 	"net/http"
+	"net/url"
+
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // TokenMiddleware checks the tokens for non-public URLs
 func TokenMiddleware(psk []byte, public map[string]string, h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// log.Debug("Processing token middleware for protected URLs")
-
-		// // Handle CORS preflight checks
-		// if r.Method == "OPTIONS" {
-		// 	log.Info("Setting CORS preflight options and returning")
-		// 	w.Header().Set("Access-Control-Allow-Origin", "*")
-		// 	w.Header().Set("Access-Control-Allow-Headers", "X-Auth-Token")
-		// 	w.WriteHeader(http.StatusOK)
-		// 	w.Write([]byte{})
-		// 	return
-		// }
-
-		// uri, err := url.ParseRequestURI(r.RequestURI)
-		// if err != nil {
-		// 	log.Error("Unable to parse request URI ", err)
-		// 	w.WriteHeader(http.StatusForbidden)
-		// 	return
-		// }
-
-		// if _, ok := public[uri.Path]; ok {
-		// 	log.Infof("Not authenticating for '%s'", uri.Path)
-		// } else {
-		// 	log.Infof("Authenticating token for protected URL '%s'", r.URL)
-
-		// 	htoken := r.Header.Get("X-Auth-Token")
-		// 	if err := bcrypt.CompareHashAndPassword([]byte(htoken), psk); err != nil {
-		// 		log.Warnf("Unable to authenticate session for URL '%s' with error '%s'", r.URL, err)
-		// 		w.WriteHeader(http.StatusForbidden)
-		// 		return
-		// 	}
-		// }
-		// log.Infof("Successfully authenticated token for URL '%s'", r.URL)
+		log.Debug("Processing token middleware for protected URLs")
+
+		// Handle CORS preflight checks
+		if r.Method == "OPTIONS" {
+			log.Info("Setting CORS preflight options and returning")
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Headers", "X-Auth-Token")
+			w.WriteHeader(http.StatusOK)
+			w.Write([]byte{})
+			return
+		}
+
+		uri, err := url.ParseRequestURI(r.RequestURI)
+		if err != nil {
+			log.Error("Unable to parse request URI ", err)
+			w.WriteHeader(http.StatusForbidden)
+			return
+		}
+
+		if _, ok := public[uri.Path]; ok {
+			log.Infof("Not authenticating for '%s'", uri.Path)
+		} else {
+			log.Infof("Authenticating token for protected URL '%s'", r.URL)
+
+			htoken := r.Header.Get("X-Auth-Token")
+			if err := bcrypt.CompareHashAndPassword([]byte(htoken), psk); err != nil {
+				log.Warnf("Unable to authenticate session for URL '%s' with error '%s'", r.URL, err)
+				w.WriteHeader(http.StatusForbidden)
+				return
+			}
+		}
+		log.Infof("Successfully authenticated token for URL '%s'", r.URL)
 
 		h.ServeHTTP(w, r)
 	})