From 855a238343c3bcea84b352fdeb4393576f9eb217 Mon Sep 17 00:00:00 2001 From: Umputun Date: Tue, 1 Jan 2019 18:44:28 -0600 Subject: [PATCH] comment exmplaing wrapping admin only with auth --- middleware/auth.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/middleware/auth.go b/middleware/auth.go index 04719cab..f09432c1 100644 --- a/middleware/auth.go +++ b/middleware/auth.go @@ -126,6 +126,7 @@ func (a *Authenticator) refreshExpiredToken(w http.ResponseWriter, claims token. } // AdminOnly middleware allows access for admins only +// this handler internally wrapped with auth(true) to avoid situation if AdminOnly defined without prior Auth func (a *Authenticator) AdminOnly(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { user, err := token.GetUserInfo(r) @@ -140,7 +141,7 @@ func (a *Authenticator) AdminOnly(next http.Handler) http.Handler { } next.ServeHTTP(w, r) } - return a.auth(true)(http.HandlerFunc(fn)) + return a.auth(true)(http.HandlerFunc(fn)) // enforce auth } // basic auth for admin user