authelia/internal/handlers/handler_authz_impl_legacy.go

package handlers

import (
	"fmt"
	"net/url"

	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/v4/internal/authorization"
	"github.com/authelia/authelia/v4/internal/middlewares"
)

func handleAuthzGetObjectLegacy(ctx *middlewares.AutheliaCtx) (object authorization.Object, err error) {
	var (
		targetURL *url.URL
		method    []byte
	)

	if targetURL, err = ctx.GetXOriginalURLOrXForwardedURL(); err != nil {
		return object, fmt.Errorf("failed to get target URL: %w", err)
	}

	if method = ctx.XForwardedMethod(); len(method) == 0 {
		method = ctx.Method()
	}

	if hasInvalidMethodCharacters(method) {
		return object, fmt.Errorf("header 'X-Forwarded-Method' with value '%s' has invalid characters", method)
	}

	return authorization.NewObjectRaw(targetURL, method), nil
}

func handleAuthzUnauthorizedLegacy(ctx *middlewares.AutheliaCtx, authn *Authn, redirectionURL *url.URL) {
	var (
		statusCode int
	)

	if authn.Type == AuthnTypeAuthorization {
		handleAuthzUnauthorizedAuthorizationBasic(ctx, authn)

		return
	}

	switch {
	case ctx.IsXHR() || !ctx.AcceptsMIME("text/html") || redirectionURL == nil:
		statusCode = fasthttp.StatusUnauthorized
	default:
		switch authn.Object.Method {
		case fasthttp.MethodGet, fasthttp.MethodOptions, fasthttp.MethodHead, "":
			statusCode = fasthttp.StatusFound
		default:
			statusCode = fasthttp.StatusSeeOther
		}
	}

	if redirectionURL != nil {
		ctx.Logger.Infof(logFmtAuthzRedirect, authn.Object.URL.String(), authn.Method, authn.Username, statusCode, redirectionURL)

		switch authn.Object.Method {
		case fasthttp.MethodHead:
			ctx.SpecialRedirectNoBody(redirectionURL.String(), statusCode)
		default:
			ctx.SpecialRedirect(redirectionURL.String(), statusCode)
		}
	} else {
		ctx.Logger.Infof("Access to %s (method %s) is not authorized to user %s, responding with status code %d", authn.Object.URL.String(), authn.Method, authn.Username, statusCode)
		ctx.ReplyUnauthorized()
	}
}
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`package handlers`

			`import (`
			`"fmt"`
			`"net/url"`

			`"github.com/valyala/fasthttp"`

			`"github.com/authelia/authelia/v4/internal/authorization"`
			`"github.com/authelia/authelia/v4/internal/middlewares"`
			`)`

			`func handleAuthzGetObjectLegacy(ctx *middlewares.AutheliaCtx) (object authorization.Object, err error) {`
			`var (`
			`targetURL *url.URL`
			`method []byte`
			`)`

			`if targetURL, err = ctx.GetXOriginalURLOrXForwardedURL(); err != nil {`
			`return object, fmt.Errorf("failed to get target URL: %w", err)`
			`}`

			`if method = ctx.XForwardedMethod(); len(method) == 0 {`
			`method = ctx.Method()`
			`}`

			`if hasInvalidMethodCharacters(method) {`
			`return object, fmt.Errorf("header 'X-Forwarded-Method' with value '%s' has invalid characters", method)`
			`}`

			`return authorization.NewObjectRaw(targetURL, method), nil`
			`}`

			`func handleAuthzUnauthorizedLegacy(ctx middlewares.AutheliaCtx, authn Authn, redirectionURL *url.URL) {`
			`var (`
			`statusCode int`
			`)`

			`if authn.Type == AuthnTypeAuthorization {`
			`handleAuthzUnauthorizedAuthorizationBasic(ctx, authn)`

			`return`
			`}`

			`switch {`
			`case ctx.IsXHR() \|\| !ctx.AcceptsMIME("text/html") \|\| redirectionURL == nil:`
			`statusCode = fasthttp.StatusUnauthorized`
			`default:`
			`switch authn.Object.Method {`
feat(handlers): authz authrequest authelia url (#5181) This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-08 04:48:55 +00:00			`case fasthttp.MethodGet, fasthttp.MethodOptions, fasthttp.MethodHead, "":`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`statusCode = fasthttp.StatusFound`
			`default:`
			`statusCode = fasthttp.StatusSeeOther`
			`}`
			`}`

			`if redirectionURL != nil {`
feat(handlers): authz authrequest authelia url (#5181) This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-08 04:48:55 +00:00			`ctx.Logger.Infof(logFmtAuthzRedirect, authn.Object.URL.String(), authn.Method, authn.Username, statusCode, redirectionURL)`

			`switch authn.Object.Method {`
			`case fasthttp.MethodHead:`
			`ctx.SpecialRedirectNoBody(redirectionURL.String(), statusCode)`
			`default:`
			`ctx.SpecialRedirect(redirectionURL.String(), statusCode)`
			`}`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`} else {`
			`ctx.Logger.Infof("Access to %s (method %s) is not authorized to user %s, responding with status code %d", authn.Object.URL.String(), authn.Method, authn.Username, statusCode)`
			`ctx.ReplyUnauthorized()`
			`}`
			`}`