bleh
More API stuff. Lots of bleh. Really boring Also need to figure out a somewhat generic way for "requires ownership" permission and then a combinator for permissions
This commit is contained in:
parent
ffe3cf32ae
commit
1bb6cd8a70
8 changed files with 438 additions and 300 deletions
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/rs/zerolog/log"
|
||||
"gitlab.com/mstarongitlab/goutils/other"
|
||||
"gitlab.com/mstarongitlab/linstrom/config"
|
||||
"gitlab.com/mstarongitlab/linstrom/storage"
|
||||
)
|
||||
|
||||
type HandlerBuilder func(http.Handler) http.Handler
|
||||
|
|
@ -152,3 +153,78 @@ func checkSessionMiddleware(handler http.Handler) http.Handler {
|
|||
)
|
||||
})
|
||||
}
|
||||
|
||||
func requireValidSessionMiddleware(
|
||||
h func(http.ResponseWriter, *http.Request),
|
||||
) func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
_, ok := r.Context().Value(ContextKeyActorId).(string)
|
||||
if !ok {
|
||||
other.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Not authenticated",
|
||||
http.StatusUnauthorized,
|
||||
)
|
||||
return
|
||||
}
|
||||
h(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func buildRequirePermissionsMiddleware(permissionRole *storage.Role) HandlerBuilder {
|
||||
return func(h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
accId, ok := r.Context().Value(ContextKeyActorId).(string)
|
||||
if !ok {
|
||||
other.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Not authenticated",
|
||||
http.StatusUnauthorized,
|
||||
)
|
||||
return
|
||||
}
|
||||
store := StorageFromRequest(r)
|
||||
log := hlog.FromRequest(r)
|
||||
acc, err := store.FindAccountById(accId)
|
||||
// Assumption: If this handler is hit, the middleware for checking if a session exists at all has already passed
|
||||
// and thus a valid account id must exist in the context
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Err(err).
|
||||
Str("account-id", accId).
|
||||
Msg("Error while getting account from session")
|
||||
other.HttpErr(
|
||||
w,
|
||||
HttpErrIdDbFailure,
|
||||
"Error while getting account from session",
|
||||
http.StatusInternalServerError,
|
||||
)
|
||||
return
|
||||
}
|
||||
roles, err := store.FindRolesByNames(acc.Roles)
|
||||
// Assumption: There will always be at least two roles per user, default user and user-specific one
|
||||
if err != nil {
|
||||
other.HttpErr(
|
||||
w,
|
||||
HttpErrIdDbFailure,
|
||||
"Failed to get roles for account",
|
||||
http.StatusInternalServerError,
|
||||
)
|
||||
return
|
||||
}
|
||||
collapsedRole := storage.CollapseRolesIntoOne(roles...)
|
||||
if !storage.CompareRoles(&collapsedRole, permissionRole) {
|
||||
other.HttpErr(
|
||||
w,
|
||||
HttpErrIdNotAuthenticated,
|
||||
"Insufficient permisions",
|
||||
http.StatusForbidden,
|
||||
)
|
||||
return
|
||||
}
|
||||
h.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue