noauth 처리

server/http_handler.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -10,6 +11,7 @@ import (
 	"runtime/debug"
 	"strings"
 
+	"repositories.action2quare.com/ayo/gocommon/flagx"
 	"repositories.action2quare.com/ayo/gocommon/logger"
 )
 
@@ -104,6 +106,8 @@ func (h *houstonHandler) RegisterHandlers(serveMux *http.ServeMux, prefix string
 	return nil
 }
 
+var noauth = flagx.Bool("noauth", false, "")
+
 func (h *houstonHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	defer func() {
 		s := recover()
@@ -118,13 +122,45 @@ func (h *houstonHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		r.Body.Close()
 	}()
 
+	var userinfo map[string]any
+	if !*noauth {
+		authheader := r.Header.Get("Authorization")
+		if len(authheader) == 0 {
+			logger.Println("Authorization header is not valid :", authheader)
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
+		req.Header.Add("Authorization", authheader)
+		client := &http.Client{}
+
+		resp, err := client.Do(req)
+		if err != nil {
+			logger.Println("graph microsoft api call failed :", err)
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+		defer resp.Body.Close()
+
+		raw, _ := io.ReadAll(resp.Body)
+		if err = json.Unmarshal(raw, &userinfo); err != nil {
+			return
+		}
+
+		if _, expired := userinfo["error"]; expired {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+	}
+
 	var operation string
 	if r.Method == "POST" {
 		operation = r.FormValue("operation")
-		logger.Println("api called :", r.Form)
+		logger.Println("api called :", userinfo, r.Form)
 	} else {
 		operation = r.URL.Query().Get("operation")
-		logger.Println("api called :", r.URL.Query())
+		logger.Println("api called :", userinfo, r.URL.Query())
 	}
 
 	if len(operation) == 0 {