RequireAPIKeyOrWorkspaceProxyAuth is middleware that should be inserted after optional ExtractAPIKey and ExtractWorkspaceProxy middlewares to ensure one of the two authentication methods is provided. If both are provided, an error is returned to avoid misuse.
()
| 13 | // |
| 14 | // If both are provided, an error is returned to avoid misuse. |
| 15 | func RequireAPIKeyOrWorkspaceProxyAuth() func(http.Handler) http.Handler { |
| 16 | return func(next http.Handler) http.Handler { |
| 17 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 18 | _, hasAPIKey := APIKeyOptional(r) |
| 19 | _, hasWorkspaceProxy := WorkspaceProxyOptional(r) |
| 20 | |
| 21 | if hasAPIKey && hasWorkspaceProxy { |
| 22 | httpapi.Write(r.Context(), w, http.StatusBadRequest, codersdk.Response{ |
| 23 | Message: "API key and external proxy authentication provided, but only one is allowed", |
| 24 | }) |
| 25 | return |
| 26 | } |
| 27 | if !hasAPIKey && !hasWorkspaceProxy { |
| 28 | httpapi.Write(r.Context(), w, http.StatusUnauthorized, codersdk.Response{ |
| 29 | Message: "API key or external proxy authentication required, but none provided", |
| 30 | }) |
| 31 | return |
| 32 | } |
| 33 | |
| 34 | next.ServeHTTP(w, r) |
| 35 | }) |
| 36 | } |
| 37 | } |
| 38 | |
| 39 | // RequireAPIKeyOrWorkspaceAgent is middleware that should be inserted after |
| 40 | // optional ExtractAPIKey and ExtractWorkspaceAgent middlewares to ensure one of |