package tech.libeufin.sandbox
import UtilError
import io.ktor.http.*
import io.ktor.request.*
import org.jetbrains.exposed.sql.SqlExpressionBuilder.eq
import org.jetbrains.exposed.sql.transactions.transaction
import tech.libeufin.util.CryptoUtil
import tech.libeufin.util.LibeufinErrorCode
import tech.libeufin.util.getHTTPBasicAuthCredentials
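/**
 * Authenticates a request via HTTP basic auth.
 *
 * Reads the username and password through [getHTTPBasicAuthCredentials], looks the
 * username up in [SandboxUsersTable], and checks the password against the stored
 * hash with [CryptoUtil.checkPwOrThrow]. Runs inside a database transaction.
 *
 * The failure raised for an unknown username deliberately neither echoes the
 * submitted name nor says that the account is missing, so the response text cannot
 * be used to tell existing usernames from non-existing ones.
 *
 * @param request incoming request carrying the basic-auth credentials.
 * @return the entity of the authenticated user.
 * @throws UtilError with status 401 and LIBEUFIN_EC_AUTHENTICATION_FAILED when no
 *   user has the submitted username. A wrong password is expected to be rejected
 *   by [CryptoUtil.checkPwOrThrow], whose exact failure is defined outside this file.
 */
fun authenticateRequest(request: ApplicationRequest): SandboxUserEntity {
    return transaction {
        val (username, password) = getHTTPBasicAuthCredentials(request)
        val user = SandboxUserEntity.find {
            SandboxUsersTable.username eq username
        }.firstOrNull()
            ?: throw UtilError(
                HttpStatusCode.Unauthorized,
                // Generic text: do not reflect the client-supplied username and do
                // not disclose whether the account exists.
                "Authentication failed",
                LibeufinErrorCode.LIBEUFIN_EC_AUTHENTICATION_FAILED
            )
        // NOTE(review): the unknown-user path above returns before any hash check,
        // so response timing may still differ from a wrong-password attempt, and the
        // status/message thrown by checkPwOrThrow should be confirmed to match the
        // generic failure above; otherwise account existence remains observable.
        CryptoUtil.checkPwOrThrow(password, user.passwordHash)
        user
    }
}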
/**
 * Authenticates the request with [authenticateRequest] and additionally demands
 * that the resulting user has the superuser flag set.
 *
 * Authentication happens first, so the 403 below is only ever produced for a
 * caller whose credentials were already accepted.
 *
 * @param request incoming request carrying the basic-auth credentials.
 * @return the authenticated superuser entity.
 * @throws SandboxError with status 403 when the authenticated user is not a superuser.
 */
fun requireSuperuser(request: ApplicationRequest): SandboxUserEntity = transaction {
    authenticateRequest(request).also { caller ->
        // Authorization gate: only accounts with the superuser flag pass.
        if (!caller.superuser) {
            throw SandboxError(HttpStatusCode.Forbidden, "must be superuser")
        }
    }
}