48 lines
1.0 KiB
Go
48 lines
1.0 KiB
Go
|
package auth
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
|
||
|
"github.com/gin-gonic/gin"
|
||
|
"github.com/google/uuid"
|
||
|
|
||
|
"dev.sum7.eu/genofire/golang-lib/web"
|
||
|
)
|
||
|
|
||
|
func MiddlewareLogin(ws *web.Service) gin.HandlerFunc {
|
||
|
return func(c *gin.Context) {
|
||
|
_, ok := GetCurrentUserID(c)
|
||
|
if !ok {
|
||
|
c.Abort()
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func MiddlewarePermissionParamUUID(ws *web.Service, obj HasPermission) gin.HandlerFunc {
|
||
|
return MiddlewarePermissionParam(ws, obj, "uuid")
|
||
|
}
|
||
|
func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string) gin.HandlerFunc {
|
||
|
return func(c *gin.Context) {
|
||
|
userID, ok := GetCurrentUserID(c)
|
||
|
if !ok {
|
||
|
c.Abort()
|
||
|
}
|
||
|
objID, err := uuid.Parse(c.Params.ByName(param))
|
||
|
if err != nil {
|
||
|
c.JSON(http.StatusUnauthorized, web.HTTPError{
|
||
|
Message: web.APIErrorInvalidRequestFormat,
|
||
|
Error: err.Error(),
|
||
|
})
|
||
|
c.Abort()
|
||
|
}
|
||
|
_, err = obj.HasPermission(ws.DB, userID, objID)
|
||
|
if err != nil {
|
||
|
c.JSON(http.StatusUnauthorized, web.HTTPError{
|
||
|
Message: http.StatusText(http.StatusUnauthorized),
|
||
|
Error: err.Error(),
|
||
|
})
|
||
|
c.Abort()
|
||
|
}
|
||
|
}
|
||
|
}
|