package gtbackend
import (
"context"
"firebase.google.com/go"
"net/http"
)
const (
	// fileNameSC is the name of this source file; checkIncomingRequests passes
	// it to DebugLogPrepareHeader when building its log header.
	fileNameSC = "securityCheck.go"
)
// SecurityMiddleware holds the Firebase application handle that the
// authentication middleware uses to verify incoming HTTP requests.
type SecurityMiddleware struct {
	// App is the Firebase app from which the auth client is obtained.
	App *firebase.App
}
// CheckIncomingRequests wraps next in an authentication gate.
//
// Each request is passed to checkIncomingRequests together with sec.App. When
// that check succeeds the request is forwarded to next; otherwise the response
// is 403 with the body "Forbidden" and next is never invoked.
//
// NOTE(review): a missing token and a rejected token both produce 403, so a
// client cannot tell "not authenticated" apart from "not permitted".
func (sec *SecurityMiddleware) CheckIncomingRequests(next http.Handler) http.Handler {
	gate := func(w http.ResponseWriter, r *http.Request) {
		// Guard clause: reject first so the forwarding path stays unindented.
		if !checkIncomingRequests(r, sec.App) {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(gate)
}
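// checkIncomingRequests reports whether r carries a Firebase ID token that the
// app's auth client accepts.
//
// The token is read from the "token" request header. On success the "uid"
// header on r is overwritten with the UID taken from the verified token. Any
// failure (auth client unavailable, token rejected) is logged and reported as
// false, so the caller fails closed.
//
// NOTE(review): downstream handlers that trust the "uid" header are only safe
// if every route reaching them passes through this check first — confirm the
// router wiring.
func checkIncomingRequests(r *http.Request, app *firebase.App) bool {
	log := DebugLogPrepareHeader(fileNameSC, "checkIncomingRequests")

	// Obtaining the auth client is not tied to one request, so it keeps the
	// background context.
	// NOTE(review): the client is requested again on every call; consider
	// obtaining it once at startup and reusing it.
	client, err := app.Auth(context.Background())
	if err != nil {
		DebugLogErrMsg(log, err, "Cannot connect to Auth client")
		return false
	}

	// Verify under the request's own context so the work is abandoned when the
	// request is cancelled or the client disconnects, instead of running on
	// under a context that can never be cancelled.
	// NOTE(review): VerifyIDToken does not consult revocation state. If revoked
	// sessions or disabled accounts must lose access immediately, evaluate
	// VerifyIDTokenAndCheckRevoked (it costs an extra backend round trip).
	token, err := client.VerifyIDToken(r.Context(), r.Header.Get("token"))
	if err != nil {
		// NOTE(review): confirm DebugLogErrMsg does not write token contents
		// to the log along with the error.
		DebugLogErrMsg(log, err, "Failed to authenticate user")
		return false
	}

	// Set (not Add) replaces any "uid" value the client sent, so the identity
	// seen downstream always comes from the verified token.
	r.Header.Set("uid", token.UID)
	return true
}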