-auth-required option and optional :ro per-user attribute

[gocheese.git] / upload.go

diff --git a/upload.go b/upload.go
index c05370569a384634c8517e46ed0e1357534b1055..7e5ed2a6c5f7a9a5b55eb102c01f83ebadc63413 100644 (file)
--- a/upload.go
+++ b/upload.go
@@ -36,19 +36,15 @@ import (
 var NormalizationRe = regexp.MustCompilePOSIX("[-_.]+")
 
 func serveUpload(w http.ResponseWriter, r *http.Request) {
-       // Authentication
-       username, password, ok := r.BasicAuth()
-       if !ok {
-               log.Println(r.RemoteAddr, "unauthenticated", username)
-               http.Error(w, "unauthenticated", http.StatusUnauthorized)
+       user := r.Context().Value(CtxUserKey).(*User)
+       if user == nil {
+               log.Println(r.RemoteAddr, "unauthorised")
+               http.Error(w, "unauthorised", http.StatusUnauthorized)
                return
        }
-       PasswordsM.RLock()
-       auther, ok := Passwords[username]
-       PasswordsM.RUnlock()
-       if !ok || !auther.Auth(password) {
-               log.Println(r.RemoteAddr, "unauthenticated", username)
-               http.Error(w, "unauthenticated", http.StatusUnauthorized)
+       if user.ro {
+               log.Println(r.RemoteAddr, "ro user", user.name)
+               http.Error(w, "unauthorised", http.StatusUnauthorized)
                return
        }
 
@@ -93,7 +89,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 
        for _, file := range r.MultipartForm.File["content"] {
                filename := file.Filename
-               log.Println(r.RemoteAddr, "put", filename, "by", username)
+               log.Println(r.RemoteAddr, "put", filename, "by", user.name)
                path := filepath.Join(dirPath, filename)
                if _, err = os.Stat(path); err == nil {
                        log.Println(r.RemoteAddr, filename, "already exists")