AsAuthzSystem is a chained handler that temporarily sets the dbauthz context to System for the inner handlers, and resets the context afterwards. TODO: Refactor the middleware functions to not require this. This is a bit of a kludge for now, as some middleware functions require usage as a system user in some cases, but not all cases.
(mws ...func(http.Handler) http.Handler)
// AsAuthzSystem is a chained handler that temporarily sets the dbauthz context
// to System for the inner handlers, and resets the context afterwards.
//
// TODO: Refactor the middleware functions to not require this.
// This is a bit of a kludge for now as some middleware functions require
// usage as a system user in some cases, but not all cases. To avoid large
// refactors, we use this middleware to temporarily set the context to a system.
//
// Security note: every middleware in mws receives a request whose context
// carries the system-restricted actor instead of the caller's own actor, so
// wrap only the middlewares that need it. The caller's actor (or the absence
// of one) is put back only in the innermost handler, immediately before next
// runs; a middleware that keeps the request context beyond its own call keeps
// the elevated actor with it.
// NOTE(review): what the system-restricted actor is permitted to do is defined
// in dbauthz and is not visible here - confirm before widening the chain.
func AsAuthzSystem(mws ...func(http.Handler) http.Handler) func(http.Handler) http.Handler {
	wrapped := chi.Chain(mws...)
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
			ctx := r.Context()

			// Remember who the request is acting as on entry so that identity
			// can be reinstated once the wrapped middlewares have run.
			prevActor, hadActor := dbauthz.ActorFromContext(ctx)
			if !hadActor {
				// AsRemoveActor will actually remove the actor from the context,
				// so a request that arrived without an actor reaches next
				// without one instead of keeping the system actor.
				prevActor = dbauthz.AsRemoveActor
			}

			// Innermost handler of the chain: swap the saved actor back in on
			// top of the context the middlewares produced, so the values they
			// added are kept while the elevated actor is dropped.
			restore := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
				next.ServeHTTP(rw, r.WithContext(dbauthz.As(r.Context(), prevActor)))
			})

			// nolint:gocritic // AsAuthzSystem needs to do this.
			elevated := r.WithContext(dbauthz.AsSystemRestricted(ctx))
			wrapped.Handler(restore).ServeHTTP(rw, elevated)
		})
	}
}
| 42 | |
| 43 | // RecordAuthzChecks enables recording all the authorization checks that |
| 44 | // occurred in the processing of a request. This is mostly helpful for debugging |