Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-09 06:55:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Authorization logic to Controller

Browse Source
This commit is contained in:
nazoking
2015-01-28 18:57:14 +09:00
parent d6946b93c3
commit 3fd97662f5
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/scala/app/ControllerBase.scala
View File

@@ -10,7 +10,7 @@ import org.json4s._
import jp.sf.amateras.scalatra.forms._ import jp.sf.amateras.scalatra.forms._
import org.apache.commons.io.FileUtils import org.apache.commons.io.FileUtils
import model._ import model._
import service.{SystemSettingsService, AccountService} import service.{SystemSettingsService, AccountService, AccessTokenService}
import javax.servlet.http.{HttpServletResponse, HttpServletRequest} import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
import javax.servlet.{FilterChain, ServletResponse, ServletRequest} import javax.servlet.{FilterChain, ServletResponse, ServletRequest}
import org.scalatra.i18n._ import org.scalatra.i18n._
@@ -74,7 +74,12 @@ abstract class ControllerBase extends ScalatraFilter
} }
} }
private def LoginAccount: Option[Account] = session.getAs[Account](Keys.Session.LoginAccount) private def LoginAccount: Option[Account] = {
Option(request.getHeader("Authorization")) match {
case Some(auth) if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim)
case _ => session.getAs[Account](Keys.Session.LoginAccount)
}
}
def ajaxGet(path : String)(action : => Any) : Route = def ajaxGet(path : String)(action : => Any) : Route =
super.get(path){ super.get(path){

11
src/main/scala/service/AccesTokenService.scala
View File

@@ -2,7 +2,7 @@ package service
import model.Profile._ import model.Profile._
import profile.simple._ import profile.simple._
import model.AccessToken import model.{Account, AccessToken}
import util.StringUtil import util.StringUtil
import scala.util.Random import scala.util.Random
@@ -34,6 +34,13 @@ trait AccessTokenService {
(tokenId, token) (tokenId, token)
} }
def getAccountByAccessToken(token: String)(implicit s: Session): Option[Account] =
Accounts
.innerJoin(AccessTokens)
.filter{ case (ac, t) => (ac.userName === t.userName) && (t.tokenHash === tokenToHash(token).bind) && (ac.removed === false.bind) }
.map{ case (ac, t) => ac }
.firstOption
def getAccessTokens(userName: String)(implicit s: Session): List[AccessToken] = def getAccessTokens(userName: String)(implicit s: Session): List[AccessToken] =
AccessTokens.filter(_.userName === userName.bind).sortBy(_.accessTokenId.desc).list AccessTokens.filter(_.userName === userName.bind).sortBy(_.accessTokenId.desc).list
@@ -41,3 +48,5 @@ trait AccessTokenService {
AccessTokens filter (t => t.userName === userName.bind && t.accessTokenId === accessTokenId) delete AccessTokens filter (t => t.userName === userName.bind && t.accessTokenId === accessTokenId) delete
} }
object AccessTokenService extends AccessTokenService