feat: make routing per role, add unlogged role
This commit is contained in:
@@ -16,9 +16,8 @@ import (
|
||||
)
|
||||
|
||||
// AuthMiddleware creates authentication middleware
|
||||
func AuthMiddleware() fiber.Handler {
|
||||
func Authenticate() fiber.Handler {
|
||||
authService := authService.NewAuthService()
|
||||
|
||||
return func(c fiber.Ctx) error {
|
||||
// Get token from Authorization header
|
||||
authHeader := c.Get("Authorization")
|
||||
@@ -26,17 +25,13 @@ func AuthMiddleware() fiber.Handler {
|
||||
// Try to get from cookie
|
||||
authHeader = c.Cookies("access_token")
|
||||
if authHeader == "" {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||
"error": "authorization token required",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
} else {
|
||||
// Extract token from "Bearer <token>"
|
||||
parts := strings.Split(authHeader, " ")
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||
"error": "invalid authorization header format",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
authHeader = parts[1]
|
||||
}
|
||||
@@ -44,24 +39,18 @@ func AuthMiddleware() fiber.Handler {
|
||||
// Validate token
|
||||
claims, err := authService.ValidateToken(authHeader)
|
||||
if err != nil {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||
"error": "invalid or expired token",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
// Get user from database
|
||||
user, err := authService.GetUserByID(claims.UserID)
|
||||
if err != nil {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||
"error": "user not found",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
// Check if user is active
|
||||
if !user.IsActive {
|
||||
return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
|
||||
"error": "user account is inactive",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
// Create locale. LangID is overwritten by auth Token
|
||||
@@ -80,9 +69,7 @@ func AuthMiddleware() fiber.Handler {
|
||||
|
||||
// We now populate the target user
|
||||
if model.CustomerRole(user.Role.Name) != model.RoleAdmin {
|
||||
return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
|
||||
"error": "admin access required",
|
||||
})
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
targetUserID, err := strconv.Atoi(targetUserIDAttribute)
|
||||
@@ -115,6 +102,18 @@ func AuthMiddleware() fiber.Handler {
|
||||
}
|
||||
}
|
||||
|
||||
func Authorize() fiber.Handler {
|
||||
return func(c fiber.Ctx) error {
|
||||
_, ok := localeExtractor.GetUserID(c)
|
||||
if !ok {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||
"error": "not authenticated",
|
||||
})
|
||||
}
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// RequireAdmin creates admin-only middleware
|
||||
func RequireAdmin() fiber.Handler {
|
||||
return func(c fiber.Ctx) error {
|
||||
|
||||
@@ -49,7 +49,7 @@ func AuthHandlerRoutes(r fiber.Router) fiber.Router {
|
||||
r.Get("/google", handler.GoogleLogin)
|
||||
r.Get("/google/callback", handler.GoogleCallback)
|
||||
|
||||
authProtected := r.Group("", middleware.AuthMiddleware())
|
||||
authProtected := r.Group("", middleware.Authorize())
|
||||
authProtected.Get("/me", handler.Me)
|
||||
authProtected.Post("/update-choice", handler.UpdateJWTToken)
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ package public
|
||||
|
||||
import (
|
||||
"git.ma-al.com/goc_daniel/b2b/app/service/menuService"
|
||||
constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
|
||||
"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
|
||||
"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
|
||||
"git.ma-al.com/goc_daniel/b2b/app/utils/nullable"
|
||||
@@ -31,12 +32,21 @@ func RoutingHandlerRoutes(r fiber.Router) fiber.Router {
|
||||
}
|
||||
|
||||
func (h *RoutingHandler) GetRouting(c fiber.Ctx) error {
|
||||
lang_id, ok := localeExtractor.GetLangID(c)
|
||||
langId, ok := localeExtractor.GetLangID(c)
|
||||
if !ok {
|
||||
return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
|
||||
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
|
||||
return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
|
||||
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
|
||||
}
|
||||
menu, err := h.menuService.GetRoutes(lang_id)
|
||||
|
||||
var roleId uint
|
||||
customer, ok := localeExtractor.GetCustomer(c)
|
||||
if !ok {
|
||||
roleId = constdata.UNLOGGED_USER_ROLE_ID
|
||||
} else {
|
||||
roleId = customer.RoleID
|
||||
}
|
||||
|
||||
menu, err := h.menuService.GetRoutes(langId, roleId)
|
||||
if err != nil {
|
||||
return c.Status(responseErrors.GetErrorStatus(err)).
|
||||
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))
|
||||
|
||||
@@ -86,9 +86,10 @@ func (s *Server) Setup() error {
|
||||
|
||||
// API routes
|
||||
s.api = s.app.Group("/api/v1")
|
||||
s.api.Use(middleware.Authenticate())
|
||||
s.public = s.api.Group("/public")
|
||||
s.restricted = s.api.Group("/restricted")
|
||||
s.restricted.Use(middleware.AuthMiddleware())
|
||||
s.restricted.Use(middleware.Authorize())
|
||||
s.webdav = s.api.Group("/webdav")
|
||||
s.webdav.Use(middleware.Webdav())
|
||||
|
||||
|
||||
Reference in New Issue
Block a user