authortjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
committertjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
commitcedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 (patch)
treec04144501fa461b840cea96951f23d926b596ff7 /contrib/tlsauth/approver.go
parent1a14f01df1c220f1b8a0dcee1eada007aca8d43f (diff)
more useful tlsauth.Approver type
the predicate function should be able to see the whole context and request
Diffstat (limited to 'contrib/tlsauth/approver.go')
-rw-r--r--contrib/tlsauth/approver.go20
1 files changed, 15 insertions, 5 deletions
diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go
index 064056d..ed442ce 100644
--- a/contrib/tlsauth/approver.go
+++ b/contrib/tlsauth/approver.go
@@ -1,17 +1,27 @@
package tlsauth
-import "crypto/x509"
+import (
+ "context"
+ "crypto/x509"
+
+ "tildegit.org/tjp/sliderule"
+)
// Approver is a function that validates a certificate.
//
// It should not be have to handle a nil argument.
-type Approver func(*x509.Certificate) bool
+type Approver func(context.Context, *sliderule.Request) bool
// RequireSpecificIdentity builds an approver that demands one specific client certificate.
-func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal }
+func RequireSpecificIdentity(identity *x509.Certificate) Approver {
+ return func(_ context.Context, request *sliderule.Request) bool {
+ cert := Identity(request)
+ return cert != nil && identity.Equal(cert)
+ }
+}
// Allow is an approver which permits anything.
-func Allow(_ *x509.Certificate) bool { return true }
+func Allow(_ context.Context, _ *sliderule.Request) bool { return true }
// Reject is an approver which denies everything.
-func Reject(_ *x509.Certificate) bool { return false }
+func Reject(_ context.Context, _ *sliderule.Request) bool { return false }
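Review bot: The doc comment on `Approver` still describes the old contract ("validates a certificate", "should not be have to handle a nil argument") although the type now takes `(context.Context, *sliderule.Request)`; the hunk leaves those lines as unchanged context. The nil case has moved into each predicate: `RequireSpecificIdentity` guards with `cert != nil`, which suggests `Identity(request)` can return nil when no client certificate was presented, so a custom approver that omits the check could panic or, through a nil-tolerant comparison, approve an unauthenticated request. I would reword the comment to `// Approver decides whether a request is authorized, given its context.` followed by `// Approvers that rely on the client certificate must treat a nil Identity(request) as a denial.` A line on `RequireSpecificIdentity` could also note that `Equal` only matches the exact certificate bytes and does not check expiry or chain; whether that is verified elsewhere is not visible in this hunk.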