forked from runatlantis/atlantis
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmiddleware.go
73 lines (67 loc) · 2.29 KB
/
middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
// Copyright 2017 HootSuite Media Inc.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an AS IS BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Modified hereafter by contributors to runatlantis/atlantis.
package server
import (
"net/http"
"strings"
"github.com/runatlantis/atlantis/server/logging"
"github.com/urfave/negroni/v3"
)
// NewRequestLogger creates a RequestLogger.
func NewRequestLogger(s *Server) *RequestLogger {
return &RequestLogger{
s.Logger,
s.WebAuthentication,
s.WebUsername,
s.WebPassword,
}
}
// RequestLogger logs requests and their response codes.
// as well as handle the basicauth on the requests
type RequestLogger struct {
logger logging.SimpleLogging
WebAuthentication bool
WebUsername string
WebPassword string
}
// ServeHTTP implements the middleware function. It logs all requests at DEBUG level.
func (l *RequestLogger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
l.logger.Debug("%s %s – from %s", r.Method, r.URL.RequestURI(), r.RemoteAddr)
allowed := false
if !l.WebAuthentication ||
r.URL.Path == "/events" ||
r.URL.Path == "/healthz" ||
r.URL.Path == "/status" ||
strings.HasPrefix(r.URL.Path, "/api/") {
allowed = true
} else {
user, pass, ok := r.BasicAuth()
if ok {
r.SetBasicAuth(user, pass)
if user == l.WebUsername && pass == l.WebPassword {
l.logger.Debug("[VALID] log in: >> url: %s", r.URL.RequestURI())
allowed = true
} else {
allowed = false
l.logger.Info("[INVALID] log in attempt: >> url: %s", r.URL.RequestURI())
}
}
}
if !allowed {
rw.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(rw, "Unauthorized", http.StatusUnauthorized)
} else {
next(rw, r)
}
l.logger.Debug("%s %s – respond HTTP %d", r.Method, r.URL.RequestURI(), rw.(negroni.ResponseWriter).Status())
}