Skip to content

Commit

Permalink
comment exmplaing wrapping admin only with auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@umputun
umputun committed Jan 2, 2019
1 parent f883e6f commit 855a238
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion middleware/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@ func (a *Authenticator) refreshExpiredToken(w http.ResponseWriter, claims token.
}

// AdminOnly middleware allows access for admins only
// this handler internally wrapped with auth(true) to avoid situation if AdminOnly defined without prior Auth
func (a *Authenticator) AdminOnly(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
user, err := token.GetUserInfo(r)
Expand All @@ -140,7 +141,7 @@ func (a *Authenticator) AdminOnly(next http.Handler) http.Handler {
}
next.ServeHTTP(w, r)
}
return a.auth(true)(http.HandlerFunc(fn))
return a.auth(true)(http.HandlerFunc(fn)) // enforce auth
}

// basic auth for admin user
Expand Down

0 comments on commit 855a238

Please sign in to comment.