move handlers to root folder
This commit is contained in:
Adrian Zürcher
@@ -1,165 +0,0 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"gitea.tecamino.com/paadi/tecamino-logger/logging"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
// SetMiddlewareLogger
|
||||
//
|
||||
// Description:
|
||||
//
|
||||
// Registers a Gin middleware that attaches a custom logger instance
|
||||
// to every incoming request via the Gin context. This allows other
|
||||
// middleware and handlers to access the logger using:
|
||||
//
|
||||
// logger := c.MustGet("logger").(*logging.Logger)
|
||||
//
|
||||
// Parameters:
|
||||
// - r: The Gin engine to which the middleware is applied.
|
||||
// - logger: A pointer to the application's custom logger.
|
||||
//
|
||||
// Usage:
|
||||
//
|
||||
// handlers.SetMiddlewareLogger(router, logger)
|
||||
func SetMiddlewareLogger(r *gin.Engine, logger *logging.Logger) {
|
||||
// Add middleware that injects logger into context
|
||||
r.Use(func(c *gin.Context) {
|
||||
c.Set("logger", logger)
|
||||
c.Next()
|
||||
})
|
||||
}
|
||||
|
||||
// AuthMiddleware
|
||||
//
|
||||
// Description:
|
||||
//
|
||||
// A Gin middleware that performs authentication using a JWT token stored
|
||||
// in a cookie named "access_token". It validates the token and extracts
|
||||
// the user's role from the claims, storing it in the Gin context.
|
||||
//
|
||||
// Behavior:
|
||||
// - Requires that SetMiddlewareLogger was used earlier to inject the logger.
|
||||
// - If the JWT cookie is missing or invalid, it aborts the request with
|
||||
// an appropriate HTTP error (401 or 500).
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// A Gin handler function that can be used as middleware.
|
||||
//
|
||||
// Usage:
|
||||
//
|
||||
// r.Use(handlers.AuthMiddleware())
|
||||
func AuthMiddleware() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
// Retrieve logger from Gin context
|
||||
middlewareLogger, ok := c.Get("logger")
|
||||
if !ok {
|
||||
log.Fatal("middleware logger not set — use SetMiddlewareLogger first")
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
logger := middlewareLogger.(*logging.Logger)
|
||||
|
||||
// Read access token from cookie
|
||||
cookie, err := c.Cookie("access_token")
|
||||
if err != nil {
|
||||
logger.Error("AuthMiddleware", err)
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
|
||||
return
|
||||
}
|
||||
|
||||
// Parse and validate JWT token
|
||||
token, err := jwt.Parse(cookie, func(t *jwt.Token) (any, error) {
|
||||
return ACCESS_SECRET, nil
|
||||
})
|
||||
if err != nil || !token.Valid {
|
||||
logger.Error("AuthMiddleware", err)
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "invalid token"})
|
||||
return
|
||||
}
|
||||
|
||||
// Extract custom claims (role)
|
||||
if claims, ok := token.Claims.(jwt.MapClaims); ok {
|
||||
role, _ := claims["role"].(string)
|
||||
c.Set("role", role)
|
||||
}
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// (AccessHandler).AuthorizeRole
|
||||
//
|
||||
// Description:
|
||||
//
|
||||
// A role-based authorization middleware. It checks whether the authenticated
|
||||
// user (based on the "role" set in AuthMiddleware) has permission to access
|
||||
// the given route. The check is performed by comparing the requested URL
|
||||
// path against the user’s allowed permissions.
|
||||
//
|
||||
// Parameters:
|
||||
// - suffix: A URL prefix to trim from the request path before matching
|
||||
// permissions (e.g., "/api/v1").
|
||||
//
|
||||
// Behavior:
|
||||
// - Fetches the user role from Gin context.
|
||||
// - Uses aH.GetRoleByKey() to retrieve role records and permissions.
|
||||
// - Grants access (calls c.Next()) if a matching permission is found.
|
||||
// - Denies access (401 Unauthorized) if no permission matches.
|
||||
//
|
||||
// Usage:
|
||||
//
|
||||
// router.GET("/secure/:id", aH.AuthorizeRole("/api/v1"))
|
||||
func (aH *AccessHandler) AuthorizeRole(suffix string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
aH.logger.Debug("AuthorizeRole", "permission path of url path")
|
||||
permissionPath := strings.TrimPrefix(c.Request.URL.Path, suffix+"/")
|
||||
|
||||
aH.logger.Debug("AuthorizeRole", "get set role")
|
||||
role, ok := c.Get("role")
|
||||
if !ok {
|
||||
aH.logger.Error("AuthorizeRole", "no role set")
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": http.StatusInternalServerError})
|
||||
return
|
||||
}
|
||||
|
||||
// Fetch roles and associated permissions from the database or store
|
||||
roles, err := aH.GetRoleByKey("role", role, false)
|
||||
if err != nil {
|
||||
aH.logger.Error("AuthorizeRole", err)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": http.StatusInternalServerError})
|
||||
return
|
||||
}
|
||||
|
||||
// Validate that a role was found
|
||||
if len(roles) == 0 {
|
||||
log.Println("not logged in")
|
||||
aH.logger.Error("AuthorizeRole", "no logged in")
|
||||
c.JSON(http.StatusUnauthorized, http.StatusUnauthorized)
|
||||
return
|
||||
} else if len(roles) > 1 {
|
||||
aH.logger.Error("AuthorizeRole", "more than one record found")
|
||||
c.JSON(http.StatusInternalServerError, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// Check permissions
|
||||
for _, permission := range roles[0].Permissions {
|
||||
fmt.Println(100, permissionPath, permission.Name)
|
||||
if permission.Name == permissionPath {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Access denied
|
||||
aH.logger.Error("AuthorizeRole", "Forbidden")
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "Forbidden"})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user