swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-17 05:53:15 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Optimized auth.go descriptions

Browse Source
This commit is contained in:
Michael Reber
2026-02-14 21:59:49 +01:00
parent 3c063aabaf
commit 52c319c0c1
1 changed files with 4 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/web/auth.go
View File

@@ -24,41 +24,30 @@ import (
"github.com/swissmakers/fail2ban-ui/internal/auth" "github.com/swissmakers/fail2ban-ui/internal/auth"
) )
// AuthMiddleware protects routes requiring authentication // If OIDC is enabled, this validates the session and redirects to login if not authenticated
// If OIDC is enabled, validates session and redirects to login if not authenticated // If OIDC is disabled, it allows all requests
// If OIDC is disabled, allows all requests
func AuthMiddleware() gin.HandlerFunc { func AuthMiddleware() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
// Check if OIDC is enabled
if !auth.IsEnabled() { if !auth.IsEnabled() {
// OIDC not enabled, allow request
c.Next() c.Next()
return return
} }
// Check if this is a public route
path := c.Request.URL.Path path := c.Request.URL.Path
if isPublicRoute(path) { if isPublicRoute(path) {
c.Next() c.Next()
return return
} }
// Validate session
session, err := auth.GetSession(c.Request) session, err := auth.GetSession(c.Request)
if err != nil { if err != nil {
// No valid session, redirect to login
if isAPIRequest(c) { if isAPIRequest(c) {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Authentication required"}) c.JSON(http.StatusUnauthorized, gin.H{"error": "Authentication required"})
c.Abort() c.Abort()
return return
} }
// For HTML requests, redirect to login
c.Redirect(http.StatusFound, "/auth/login") c.Redirect(http.StatusFound, "/auth/login")
c.Abort() c.Abort()
return return
} }
// Store session in context for handlers to access
c.Set("session", session) c.Set("session", session)
c.Set("userID", session.UserID) c.Set("userID", session.UserID)
c.Set("userEmail", session.Email) c.Set("userEmail", session.Email)
@@ -69,7 +58,7 @@ func AuthMiddleware() gin.HandlerFunc {
} }
} }
// isPublicRoute checks if the path is a public route that doesn't require authentication // Checks if path is a public route (that does not require authentication)
func isPublicRoute(path string) bool { func isPublicRoute(path string) bool {
publicRoutes := []string{ publicRoutes := []string{
"/auth/login", "/auth/login",
@@ -82,17 +71,15 @@ func isPublicRoute(path string) bool {
"/static/", "/static/",
"/locales/", "/locales/",
} }
for _, route := range publicRoutes { for _, route := range publicRoutes {
if strings.HasPrefix(path, route) { if strings.HasPrefix(path, route) {
return true return true
} }
} }
return false return false
} }
// isAPIRequest checks if the request is an API request (JSON expected) // Checks if the request is an API request
func isAPIRequest(c *gin.Context) bool { func isAPIRequest(c *gin.Context) bool {
accept := c.GetHeader("Accept") accept := c.GetHeader("Accept")
return strings.Contains(accept, "application/json") || strings.HasPrefix(c.Request.URL.Path, "/api/") return strings.Contains(accept, "application/json") || strings.HasPrefix(c.Request.URL.Path, "/api/")