authortjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
committertjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
commitcedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 (patch)
treec04144501fa461b840cea96951f23d926b596ff7 /contrib/tlsauth/auth.go
parent1a14f01df1c220f1b8a0dcee1eada007aca8d43f (diff)
more useful tlsauth.Approver type
the predicate function should be able to see the whole context and request
Diffstat (limited to 'contrib/tlsauth/auth.go')
-rw-r--r--contrib/tlsauth/auth.go31
1 files changed, 0 insertions, 31 deletions
diff --git a/contrib/tlsauth/auth.go b/contrib/tlsauth/auth.go
index 439d297..ff8529b 100644
--- a/contrib/tlsauth/auth.go
+++ b/contrib/tlsauth/auth.go
@@ -1,7 +1,6 @@
package tlsauth
import (
- "context"
"crypto/x509"
sr "tildegit.org/tjp/sliderule"
@@ -14,33 +13,3 @@ func Identity(request *sr.Request) *x509.Certificate {
}
return request.TLSState.PeerCertificates[0]
}
-
-// RequiredAuth produces an auth predicate.
-//
-// The check requires both that there is a client certificate associated with the
-// request and that it passes the provided approver.
-func RequiredAuth(approve Approver) func(context.Context, *sr.Request) bool {
- return func(_ context.Context, request *sr.Request) bool {
- identity := Identity(request)
- if identity == nil {
- return false
- }
-
- return approve(identity)
- }
-}
-
-// OptionalAuth produces an auth predicate.
-//
-// The check allows through any request with no client certificate, but if
-// there is one present then it requires that it pass the provided approver.
-func OptionalAuth(approve Approver) func(context.Context, *sr.Request) bool {
- return func(_ context.Context, request *sr.Request) bool {
- identity := Identity(request)
- if identity == nil {
- return true
- }
-
- return approve(identity)
- }
-}