diff --git a/client/deploy.go b/client/deploy.go
index 3befc93..2ad1f2b 100644
--- a/client/deploy.go
+++ b/client/deploy.go
@@ -37,9 +37,6 @@ func download(dir string, urlpath string, accessToken string) (target string, er
 }
 req, _ := http.NewRequest("GET", urlpath, nil)
- if len(accessToken) > 0 {
- req.Header.Add("Authorization", accessToken)
- }
 req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.51")
 resp, err := http.DefaultClient.Do(req)
 if err != nil {
diff --git a/server/http_handler.go b/server/http_handler.go
index 1767992..a73f529 100644
--- a/server/http_handler.go
+++ b/server/http_handler.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+ "encoding/json"
 "fmt"
 "io"
 "net/http"
@@ -10,6 +11,7 @@ import (
 "runtime/debug"
 "strings"
 
+ "repositories.action2quare.com/ayo/gocommon/flagx"
 "repositories.action2quare.com/ayo/gocommon/logger"
 )
@@ -104,6 +106,8 @@ func (h *houstonHandler) RegisterHandlers(serveMux *http.ServeMux, prefix string
 return nil
 }
 
+var noauth = flagx.Bool("noauth", false, "")
+
 func (h *houstonHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 defer func() {
 s := recover()
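Review bot: The new package-level `noauth` flag is declared with an empty usage string, `flagx.Bool("noauth", false, "")`, so `-help` gives operators no hint that it disables request authentication for every call; a description such as `"disable Authorization-header validation (development only)"` should be supplied. Because the flag silently removes the check, it is also worth emitting a clear warning through `logger` at startup when it is set, so an accidentally enabled bypass shows up in production logs. The hunk sits between RegisterHandlers and ServeHTTP; both functions extend outside it.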
@@ -118,13 +122,45 @@ func (h *houstonHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 r.Body.Close()
 }()
 
+ var userinfo map[string]any
+ if !*noauth {
+ authheader := r.Header.Get("Authorization")
+ if len(authheader) == 0 {
+ logger.Println("Authorization header is not valid :", authheader)
+ w.WriteHeader(http.StatusBadRequest)
+ return
+ }
+
+ req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
+ req.Header.Add("Authorization", authheader)
+ client := &http.Client{}
+
+ resp, err := client.Do(req)
+ if err != nil {
+ logger.Println("graph microsoft api call failed :", err)
+ w.WriteHeader(http.StatusBadRequest)
+ return
+ }
+ defer resp.Body.Close()
+
+ raw, _ := io.ReadAll(resp.Body)
+ if err = json.Unmarshal(raw, &userinfo); err != nil {
+ return
+ }
+
+ if _, expired := userinfo["error"]; expired {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+ }
+
 var operation string
 if r.Method == "POST" {
 operation = r.FormValue("operation")
- logger.Println("api called :", r.Form)
+ logger.Println("api called :", userinfo, r.Form)
 } else {
 operation = r.URL.Query().Get("operation")
- logger.Println("api called :", r.URL.Query())
+ logger.Println("api called :", userinfo, r.URL.Query())
 }
 
 if len(operation) == 0 {
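Review bot: The token check treats any answer from the userinfo endpoint as valid as long as the body decodes without an `error` key — `resp.StatusCode` is never inspected, the `io.ReadAll` error is discarded, and a decode failure hits `return` without writing a status, so the caller gets a 200 with an empty body. The `client := &http.Client{}` line also has no timeout and the request is not bound to `r.Context()`, so a slow identity endpoint can hold this handler open indefinitely. The rewrite below checks the upstream status before decoding, bounds the body read, reports read/decode failures as 502, and answers a missing header with 401 rather than 400 (`time` must be imported if the file does not already). Separately, the changed `logger.Println("api called :", userinfo, ...)` lines write the whole claims map (name, email, subject) into the log on every request; logging only `userinfo["sub"]` keeps the audit trail without the PII, and note that a validated token only proves the caller has a Microsoft account — unless authorization is enforced elsewhere, any such account can now invoke every operation. ServeHTTP begins before and continues past this hunk.

```go
	var userinfo map[string]any
	if !*noauth {
		authheader := r.Header.Get("Authorization")
		if len(authheader) == 0 {
			logger.Println("Authorization header is not valid :", authheader)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		// Tie the upstream call to the caller's context and add a hard timeout so a
		// slow identity endpoint cannot pin this handler.
		req, err := http.NewRequestWithContext(r.Context(), "GET", "https://graph.microsoft.com/oidc/userinfo", nil)
		if err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		req.Header.Add("Authorization", authheader)
		client := &http.Client{Timeout: 10 * time.Second}

		resp, err := client.Do(req)
		if err != nil {
			logger.Println("graph microsoft api call failed :", err)
			w.WriteHeader(http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()

		// A non-200 answer means the token was rejected; do not depend solely on an
		// "error" key in the body to detect that.
		if resp.StatusCode != http.StatusOK {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		raw, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
		if err != nil {
			logger.Println("reading userinfo response failed :", err)
			w.WriteHeader(http.StatusBadGateway)
			return
		}
		if err := json.Unmarshal(raw, &userinfo); err != nil {
			logger.Println("decoding userinfo response failed :", err)
			w.WriteHeader(http.StatusBadGateway)
			return
		}
		if _, rejected := userinfo["error"]; rejected {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
	}
	// … unchanged: operation parsing and request logging …
```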