From 1262d254736229618582f0963c9c30c4e66efb98 Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Wed, 31 Jan 2018 09:49:15 -0800 Subject: User based rate limiting (#8152) --- app/authentication.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) (limited to 'app/authentication.go') diff --git a/app/authentication.go b/app/authentication.go index 91e3bf564..140bffd5a 100644 --- a/app/authentication.go +++ b/app/authentication.go @@ -11,6 +11,30 @@ import ( "github.com/mattermost/mattermost-server/utils" ) +type TokenLocation int + +const ( + TokenLocationNotFound = iota + TokenLocationHeader + TokenLocationCookie + TokenLocationQueryString +) + +func (tl TokenLocation) String() string { + switch tl { + case TokenLocationNotFound: + return "Not Found" + case TokenLocationHeader: + return "Header" + case TokenLocationCookie: + return "Cookie" + case TokenLocationQueryString: + return "QueryString" + default: + return "Unknown" + } +} + func (a *App) IsPasswordValid(password string) *model.AppError { if utils.IsLicensed() && *utils.License().Features.PasswordRequirements { return utils.IsPasswordValidWithSettings(password, &a.Config().PasswordSettings) @@ -168,3 +192,26 @@ func (a *App) authenticateUser(user *model.User, password, mfaToken string) (*mo } } } + +func ParseAuthTokenFromRequest(r *http.Request) (string, TokenLocation) { + authHeader := r.Header.Get(model.HEADER_AUTH) + if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER { + // Default session token + return authHeader[7:], TokenLocationHeader + } else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN { + // OAuth token + return authHeader[6:], TokenLocationHeader + } + + // Attempt to parse the token from the cookie + if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { + return cookie.Value, TokenLocationCookie + } + + // Attempt to parse token out of the query string + if token := r.URL.Query().Get("access_token"); token != "" { + return token, TokenLocationQueryString + } + + return "", TokenLocationNotFound +} -- cgit v1.2.3-1-g7c22