paadi/access-handler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: paadi:v1.0.12
Branches Tags
paadi:main
paadi:v1.0.34 paadi:v1.0.33 paadi:v1.0.32 paadi:v1.0.31 paadi:v1.0.30 paadi:v1.0.29 paadi:v1.0.28 paadi:v1.0.27 paadi:v1.0.26 paadi:v1.0.25 paadi:v1.0.24 paadi:v1.0.23 paadi:v1.0.22 paadi:v1.0.21 paadi:v1.0.20 paadi:v1.0.19 paadi:v1.0.18 paadi:v1.0.17 paadi:v1.0.16 paadi:v1.0.15 paadi:v1.0.14 paadi:v1.0.13 paadi:v1.0.12 paadi:v1.0.11 paadi:v1.0.10 paadi:v1.0.9 paadi:v1.0.8 paadi:v1.0.7 paadi:v1.0.6 paadi:v1.0.5 paadi:v1.0.4 paadi:v1.0.3 paadi:v1.0.2 paadi:v1.0.1 paadi:v1.0.0
...
compare: paadi:v1.0.16
Branches Tags
paadi:main
paadi:v1.0.34 paadi:v1.0.33 paadi:v1.0.32 paadi:v1.0.31 paadi:v1.0.30 paadi:v1.0.29 paadi:v1.0.28 paadi:v1.0.27 paadi:v1.0.26 paadi:v1.0.25 paadi:v1.0.24 paadi:v1.0.23 paadi:v1.0.22 paadi:v1.0.21 paadi:v1.0.20 paadi:v1.0.19 paadi:v1.0.18 paadi:v1.0.17 paadi:v1.0.16 paadi:v1.0.15 paadi:v1.0.14 paadi:v1.0.13 paadi:v1.0.12 paadi:v1.0.11 paadi:v1.0.10 paadi:v1.0.9 paadi:v1.0.8 paadi:v1.0.7 paadi:v1.0.6 paadi:v1.0.5 paadi:v1.0.4 paadi:v1.0.3 paadi:v1.0.2 paadi:v1.0.1 paadi:v1.0.0

4 Commits
v1.0.12 ... v1.0.16

Author SHA1 Message Date
Adrian Zürcher
0506ed6491 add new user defined user exiration 2025-11-07 13:51:58 +01:00
Adrian Zürcher
296c2e001d fix delete function 2025-11-07 08:19:20 +01:00
Adrian Zürcher
0c37d014a9 fix exist check 2025-11-07 08:06:54 +01:00
Adrian Zürcher
1f60813589 add new default permission 2025-11-06 14:03:13 +01:00
7 changed files with 66 additions and 23 deletions
Expand all files Collapse all files

2
go.mod
View File

@@ -3,7 +3,7 @@ module gitea.tecamino.com/paadi/access-handler
go 1.24.5 go 1.24.5
require ( require (
gitea.tecamino.com/paadi/dbHandler v1.0.4 gitea.tecamino.com/paadi/dbHandler v1.0.8
gitea.tecamino.com/paadi/tecamino-logger v0.2.1 gitea.tecamino.com/paadi/tecamino-logger v0.2.1
github.com/gin-gonic/gin v1.11.0 github.com/gin-gonic/gin v1.11.0
github.com/go-playground/assert/v2 v2.2.0 github.com/go-playground/assert/v2 v2.2.0

4
go.sum
View File

@@ -1,5 +1,5 @@
gitea.tecamino.com/paadi/dbHandler v1.0.4 h1:ctnaec0GDdtw3gRQdUISVDYLJ9x+vt50VW41OemfhD4= gitea.tecamino.com/paadi/dbHandler v1.0.8 h1:ZWSBM/KFtLwTv2cBqwK1mOxWAxAfL0BcWEC3kJ9JALU=
gitea.tecamino.com/paadi/dbHandler v1.0.4/go.mod h1:y/xn/POJg1DO++67uKvnO23lJQgh+XFQq7HZCS9Getw= gitea.tecamino.com/paadi/dbHandler v1.0.8/go.mod h1:y/xn/POJg1DO++67uKvnO23lJQgh+XFQq7HZCS9Getw=
gitea.tecamino.com/paadi/tecamino-logger v0.2.1 h1:sQTBKYPdzn9mmWX2JXZBtGBvNQH7cuXIwsl4TD0aMgE= gitea.tecamino.com/paadi/tecamino-logger v0.2.1 h1:sQTBKYPdzn9mmWX2JXZBtGBvNQH7cuXIwsl4TD0aMgE=
gitea.tecamino.com/paadi/tecamino-logger v0.2.1/go.mod h1:FkzRTldUBBOd/iy2upycArDftSZ5trbsX5Ira5OzJgM= gitea.tecamino.com/paadi/tecamino-logger v0.2.1/go.mod h1:FkzRTldUBBOd/iy2upycArDftSZ5trbsX5Ira5OzJgM=
github.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ= github.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ=

25
handlers/login.go
View File

@@ -49,6 +49,10 @@ func (aH *AccessHandler) Login(c *gin.Context) {
aH.logger.Error("Login", "user empty") aH.logger.Error("Login", "user empty")
c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("user empty")) c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("user empty"))
return return
} else if !user.ExpirationIsValid() {
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
return
} }
// Fetch user record from DB // Fetch user record from DB
@@ -89,6 +93,7 @@ func (aH *AccessHandler) Login(c *gin.Context) {
"role": user.Role, "role": user.Role,
"type": "access", "type": "access",
"exp": accessTokenExp.Unix(), "exp": accessTokenExp.Unix(),
"userExpiration": user.Expiration,
}) })
// Create refresh token // Create refresh token
@@ -98,6 +103,7 @@ func (aH *AccessHandler) Login(c *gin.Context) {
"role": user.Role, "role": user.Role,
"type": "refresh", "type": "refresh",
"exp": refreshTokenExp.Unix(), "exp": refreshTokenExp.Unix(),
"userExpiration": user.GetExpiration(),
}) })
// Sign tokens // Sign tokens
@@ -175,6 +181,12 @@ func (aH *AccessHandler) Refresh(c *gin.Context) {
id := int(claims["id"].(float64)) id := int(claims["id"].(float64))
role := claims["role"].(string) role := claims["role"].(string)
if !expirationDateValid(claims["userExpiration"].(string)) {
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", username))
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+username+" is expired"))
return
}
// Create new access token // Create new access token
aH.logger.Debug("Refresh", "create new access token") aH.logger.Debug("Refresh", "create new access token")
accessExp := time.Now().Add(ACCESS_TOKEN_TIME) accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
@@ -240,3 +252,16 @@ func (aH *AccessHandler) Logout(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{"message": "logged out"}) c.JSON(http.StatusOK, gin.H{"message": "logged out"})
} }
func expirationDateValid(expiration string) bool {
if expiration == "" {
return true // No expiration = always valid
}
t, err := time.Parse(time.RFC3339, expiration)
if err != nil {
return false // Invalid date format
}
return time.Now().Before(t)
}

4
handlers/role.go
View File

@@ -17,7 +17,7 @@ func (aH *AccessHandler) AddDefaultRole() (err error) {
role := "admin" role := "admin"
// Check if a role with this name already exists // Check if a role with this name already exists
if err := aH.dbHandler.Exists(&models.Role{}, "role", role, false); err == nil { if aH.dbHandler.Exists(&models.Role{}, "role", role, false) {
// Found a role → skip creation // Found a role → skip creation
aH.logger.Debug("AddDefaultRole", "role "+role+" exists already") aH.logger.Debug("AddDefaultRole", "role "+role+" exists already")
return nil return nil
@@ -52,7 +52,7 @@ func (aH *AccessHandler) AddRole(c *gin.Context) {
} }
// Check if a role with this name already exists // Check if a role with this name already exists
if err := aH.dbHandler.Exists(&models.Role{}, "role", role.Role, false); err == nil { if aH.dbHandler.Exists(&models.Role{}, "role", role.Role, false) {
aH.logger.Error("AddRole", fmt.Sprintf("role with name %s already exists", role.Role)) aH.logger.Error("AddRole", fmt.Sprintf("role with name %s already exists", role.Role))
c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse(fmt.Sprintf("role with name %s already exists", role.Role))) c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse(fmt.Sprintf("role with name %s already exists", role.Role)))
} }

4
handlers/user.go
View File

@@ -21,7 +21,7 @@ func (aH *AccessHandler) AddDefaultUser() (err error) {
email := "zuercher@tecamino.ch" email := "zuercher@tecamino.ch"
// Check if a user with this email already exists // Check if a user with this email already exists
if err := aH.dbHandler.Exists(&models.User{}, "email", email, false); err == nil { if aH.dbHandler.Exists(&models.User{}, "email", email, false) {
aH.logger.Debug("AddDefaultUser", "user email "+email+" exists already") aH.logger.Debug("AddDefaultUser", "user email "+email+" exists already")
// Found a user → skip create // Found a user → skip create
return nil return nil
@@ -59,7 +59,7 @@ func (aH *AccessHandler) AddUser(c *gin.Context) {
} }
// Check if a user with this email already exists // Check if a user with this email already exists
if err := aH.dbHandler.Exists(&models.User{}, "email", user.Email, false); err == nil { if aH.dbHandler.Exists(&models.User{}, "email", user.Email, false) {
// Found a user → skip create // Found a user → skip create
aH.logger.Error("AddUser", "user with email "+user.Email+" already exists") aH.logger.Error("AddUser", "user with email "+user.Email+" already exists")
c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse(fmt.Sprintf("user with email %s already exists", user.Email))) c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse(fmt.Sprintf("user with email %s already exists", user.Email)))

1
models/permission.go
View File

@@ -14,6 +14,7 @@ func (r *Permissions) DefaultPermissions() {
Permission{Name: "userSettings", Permission: 7}, Permission{Name: "userSettings", Permission: 7},
Permission{Name: "members", Permission: 7}, Permission{Name: "members", Permission: 7},
Permission{Name: "events", Permission: 7}, Permission{Name: "events", Permission: 7},
Permission{Name: "responsible", Permission: 7},
) )
} }

19
models/user.go
View File

@@ -1,14 +1,31 @@
package models package models
import "time"
type User struct { type User struct {
Id uint `gorm:"primaryKey" json:"id"` Id uint `gorm:"primaryKey" json:"id"`
Name string `gorm:"column:user_name" json:"user"` Name string `gorm:"column:user_name" json:"user"`
Email string `gorm:"column:email" json:"email"` Email string `gorm:"column:email" json:"email"`
Role string `gorm:"column:role" json:"role,omitempty"` Role string `gorm:"column:role" json:"role,omitempty"`
Password string `gorm:"column:password" json:"password"` Password string `gorm:"column:password" json:"password"`
Settings Settings `gorm:"type:json" json:"settings,omitempty"` Expiration *time.Time `gorm:"column:expiration" json:"expiration,omitempty"`
Settings Settings `gorm:"type:json" json:"settings"`
} }
func (u *User) IsValid() bool { func (u *User) IsValid() bool {
return u.Name != "" return u.Name != ""
} }
func (u *User) ExpirationIsValid() bool {
if u.Expiration == nil {
return true
}
return time.Now().Before(*u.Expiration)
}
func (u *User) GetExpiration() string {
if u.Expiration == nil {
return ""
}
return u.Expiration.Format(time.RFC3339)
}