RequireAPIKeyOrProvisionerDaemonAuth is middleware that should be inserted after optional ExtractAPIKey and ExtractProvisionerDaemonAuthenticated middlewares to ensure one of the two authentication methods is provided. If both are provided, an error is returned to avoid misuse.
// RequireAPIKeyOrProvisionerDaemonAuth returns middleware that lets a request
// through only when exactly one of the two authentication methods is present:
// an API key or external provisioner daemon authentication.
//
// It should be inserted after the optional ExtractAPIKey and
// ExtractProvisionerDaemonAuthenticated middlewares. This function validates
// no credentials itself: it only asks APIKeyOptional and
// ProvisionerDaemonAuthenticated, both of which take just the request, whether
// each method was established for it.
//
// If both are provided, an error is returned to avoid misuse.
func RequireAPIKeyOrProvisionerDaemonAuth() func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		gate := func(w http.ResponseWriter, r *http.Request) {
			_, keyOK := APIKeyOptional(r)
			daemonOK := ProvisionerDaemonAuthenticated(r)

			switch {
			case keyOK && daemonOK:
				// Two identities on one request are ambiguous, so the
				// request is refused with 400 instead of picking one.
				httpapi.Write(r.Context(), w, http.StatusBadRequest, codersdk.Response{
					Message: "API key and external provisioner authentication provided, but only one is allowed",
				})
			case !keyOK && !daemonOK:
				// Neither method is present: answer 401 and never reach
				// the wrapped handler.
				httpapi.Write(r.Context(), w, http.StatusUnauthorized, codersdk.Response{
					Message: "API key or external provisioner authentication required, but none provided",
				})
			default:
				// Exactly one method is present.
				next.ServeHTTP(w, r)
			}
		}
		return http.HandlerFunc(gate)
	}
}
no test coverage detected