@@ -61,7 +61,7 @@ type StatusResponse struct {
6161 UserDescriptor json.RawMessage `json:"loggedInUser,omitempty"`
6262}
6363
64- func (t * Tmpauth ) serveStatus (w http.ResponseWriter , r * http. Request , token * CachedToken ) (int , error ) {
64+ func (t * Tmpauth ) serveStatus (w http.ResponseWriter , token * CachedToken ) (int , error ) {
6565 w .Header ().Set ("Content-Type" , "application/json" )
6666 w .WriteHeader (http .StatusOK )
6767
@@ -126,6 +126,7 @@ func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
126126 }
127127
128128 statusRequested := false
129+ whomstRequested := false
129130
130131 if t .Matches (r .URL .Path , "/.well-known/tmpauth/" ) {
131132 if t .miniServerHost != "" {
@@ -170,6 +171,9 @@ func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
170171 case "status" :
171172 statusRequested = true
172173 break
174+ case "whomst" :
175+ whomstRequested = true
176+ break
173177 default :
174178 return http .StatusBadRequest , fmt .Errorf ("tmpauth: no such path" )
175179 }
@@ -225,10 +229,14 @@ func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
225229 })
226230 }
227231
232+ // Not authed, return an empty status or whomst response if requested
228233 if statusRequested {
229- return t .serveStatus (w , r , nil )
234+ return t .serveStatus (w , nil )
235+ } else if whomstRequested {
236+ return t .serveWhomst (w , nil )
230237 }
231238
239+ // Begin auth flow
232240 if authRequired {
233241 return t .StartAuth (w , r )
234242 }
@@ -240,8 +248,9 @@ func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
240248 }
241249 }
242250
251+ // Token is available (authenticated, but not necessarily allowed), serve the status response if requested
243252 if statusRequested {
244- return t .serveStatus (w , r , cachedToken )
253+ return t .serveStatus (w , cachedToken )
245254 }
246255
247256 userAuthorized := false
@@ -267,6 +276,11 @@ func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
267276 return http .StatusForbidden , fmt .Errorf ("tmpauth: user not in allowed list" )
268277 }
269278
279+ // Now serve the whomst response if requested (authenticated and authorized)
280+ if whomstRequested {
281+ return t .serveWhomst (w , cachedToken )
282+ }
283+
270284 return t .Next (w , r )
271285}
272286
@@ -374,6 +388,8 @@ func (t *Tmpauth) StartAuth(w http.ResponseWriter, r *http.Request) (int, error)
374388 return 0 , nil
375389}
376390
391+ // authFromCookie attempts to get the auth token from the cookie or the X-Tmpauth-Token header, and returns the
392+ // cachedToken (if it was successfully parsed), and any error.
377393func (t * Tmpauth ) authFromCookie (r * http.Request ) (* CachedToken , error ) {
378394 token := r .Header .Get ("X-Tmpauth-Token" )
379395 if token != "" {
@@ -388,6 +404,25 @@ func (t *Tmpauth) authFromCookie(r *http.Request) (*CachedToken, error) {
388404 return t .ParseWrappedAuthJWT (cookie .Value )
389405}
390406
407+ // serveWhomst returns the entire whomst database if the user is logged in.
408+ func (t * Tmpauth ) serveWhomst (w http.ResponseWriter , token * CachedToken ) (int , error ) {
409+ // If the user is not logged in, return an error
410+ if token == nil {
411+ return http .StatusUnauthorized , fmt .Errorf ("tmpauth: must be logged in to retrieve whomst database" )
412+ }
413+
414+ whomstData , err := t .Whomst ()
415+ if err != nil {
416+ return http .StatusInternalServerError , fmt .Errorf ("tmpauth: failed to retrieve whomst data: %w" , err )
417+ }
418+
419+ w .Header ().Set ("Content-Type" , "application/json" )
420+ w .WriteHeader (http .StatusOK )
421+ json .NewEncoder (w ).Encode (whomstData )
422+
423+ return 0 , nil
424+ }
425+
391426func (t * Tmpauth ) Whomst () (map [string ]json.RawMessage , error ) {
392427 var resp * http.Response
393428 var respErr error
0 commit comments