如何检查数百或数千个 API 端点的身份验证?

huangapple go评论99阅读模式
英文:

How to check authentication for hundreds and thousands of API endpoints?

问题

我目前正在使用Golang(使用Gorilla框架)构建一个Web应用程序,并已经实现了一些API端点。然而,我注意到每次我实现一个像下面这样的函数时:

func CreateUserHandler(w http.ResponseWriter, r *http.Request) {}

我都必须在处理程序函数的主体中添加以下函数来检查请求是否经过授权:

func checkAuthorizedUser(r *http.Request) error {
    uid, err := CheckRequestUser(r.Cookie("uid"))
    if err != nil {
        return errors.New("无法找到uid的cookie值")
    }
    if !IsValidUser(uid.Value) {
        return errors.New("无效的用户")
    }
    return nil
}

目前我必须在每个处理程序函数中添加checkAuthorizedUser(),而且到目前为止我已经有很多处理程序函数了。我想知道是否有一种更好的方法来检查客户端是否有权限访问某个特定的端点,而不是在每个处理程序函数中显式地检查身份验证。

英文:

I am currently building a web application in golang (with Gorilla) and have implemented a handful of API endpoints. However, I noticed that every time I implement a function like

func CreateUserHandler(w http.ResponseWriter, r *http.Request) {}

I have to add the function below to the body of handler functions to check if request is authorized:

func checkAuthorizedUser (r * http.Request) error {
    uid, err := CheckRequestUser (r.Cookie("uid"))
    if err != nil {
        return errors.New("Can't find cookie value for uid")
    }
    if !IsValidUser (uid.Value) { 
        return errors.New("Not a valid user")
    }
    return nil
}

What happens to me right now is that I have to add checkAuthorizedUser() to every handler function, and I have already have a lot of handler functions so far. I wonder if there is a better way to check whether a client is authorized to access certain endpoint other than explicitly checking authentication in every handler function.

答案1

得分: 6

大猩猩有一个你可以使用的路由器。然后,你可以用身份验证检查包装路由器。类似下面的代码可以工作:

func checkPermissions(h http.Handler) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        authCheck := true // 实现实际的检查逻辑

        if authCheck {
            w.WriteError(w, 400, "error")
            return
        }

        h.ServeHTTP(w, r)
    }
}

func main() {
    r := mux.NewRouter()
    r.HandleFunc("/", HomeHandler)
    r.HandleFunc("/products", ProductsHandler)
    r.HandleFunc("/articles", ArticlesHandler)
    http.Handle("/", checkPermissions(r))
}

支持的链接:

https://godoc.org/github.com/gorilla/mux#NewRouter

https://github.com/gorilla/mux

英文:

Gorilla has a router you can use. You can then wrap the router with authentication checking. Something like this would work:

func checkPermissions(h http.Handler) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        authCheck := true //implement the actual checking

        if authCheck {
            w.WriteError(w, 400, "error")
            return
        }

        h.ServeHttp(w, r)
    }
}

func main() {
    r := mux.NewRouter()
    r.HandleFunc("/", HomeHandler)
    r.HandleFunc("/products", ProductsHandler)
    r.HandleFunc("/articles", ArticlesHandler)
    http.Handle("/", checkPermissions(r))
}

Supporting links:

https://godoc.org/github.com/gorilla/mux#NewRouter

https://github.com/gorilla/mux

huangapple
  • 本文由 发表于 2017年5月17日 04:57:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/44011446.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定