From 8b06f62e90b17ded3b8df850b03fb7a0b8872a3b Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Tue, 26 Feb 2019 19:23:28 +0100
Subject: [PATCH] token-validator: can filter access through handlers

---
 token-validator/handler.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/token-validator/handler.go b/token-validator/handler.go
index 47d2d26..e4edab0 100644
--- a/token-validator/handler.go
+++ b/token-validator/handler.go
@@ -38,7 +38,7 @@ func remoteValidatorHandler(f func(http.ResponseWriter, *http.Request, httproute
 	}
 }
 
-func rawHandler(f func(*http.Request, httprouter.Params, []byte) (interface{}, error)) func(http.ResponseWriter, *http.Request, httprouter.Params) {
+func rawHandler(f func(*http.Request, httprouter.Params, []byte) (interface{}, error), access ...func(*Student, *http.Request) error) func(http.ResponseWriter, *http.Request, httprouter.Params) {
 	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 		if addr := r.Header.Get("X-Forwarded-For"); addr != "" {
 			r.RemoteAddr = addr
@@ -50,6 +50,14 @@ func rawHandler(f func(*http.Request, httprouter.Params, []byte) (interface{}, e
 		var ret interface{}
 		var err error = nil
 
+		// Check access limitation
+		for _, a := range access {
+			if err := a(nil, r); err != nil {
+				http.Error(w, fmt.Sprintf("{errmsg:\"You're not allowed to access this page this way!\"}", err), http.StatusForbidden)
+				return
+			}
+		}
+
 		// Read the body
 		if r.ContentLength < 0 || r.ContentLength > 6553600 {
 			http.Error(w, fmt.Sprintf("{errmsg:\"Request too large or request size unknown\"}", err), http.StatusRequestEntityTooLarge)
@@ -99,8 +107,8 @@ func rawHandler(f func(*http.Request, httprouter.Params, []byte) (interface{}, e
 	}
 }
 
-func apiHandler(f DispatchFunction) func(http.ResponseWriter, *http.Request, httprouter.Params) {
-	return rawHandler(func (_ *http.Request, ps httprouter.Params, b []byte) (interface{}, error) { return f(ps, b) })
+func apiHandler(f DispatchFunction, access ...func(*Student, *http.Request) error) func(http.ResponseWriter, *http.Request, httprouter.Params) {
+	return rawHandler(func (_ *http.Request, ps httprouter.Params, b []byte) (interface{}, error) { return f(ps, b) }, access...)
 }
 
 func studentHandler(f func(Student, []byte) (interface{}, error)) func(httprouter.Params, []byte) (interface{}, error) {