golang-lib/web/auth/middleware.go

package auth

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/google/uuid"

	"dev.sum7.eu/genofire/golang-lib/web"
)

// MiddlewareLogin if user id in session for golang-gin
func MiddlewareLogin(ws *web.Service) gin.HandlerFunc {
	return func(c *gin.Context) {
		_, ok := GetCurrentUserID(c)
		if !ok {
			c.Abort()
		}
	}
}

// MiddlewarePermissionParamUUID if user has access to obj, check access by uuid in golang-gin url param uuid
func MiddlewarePermissionParamUUID(ws *web.Service, obj HasPermission) gin.HandlerFunc {
	return MiddlewarePermissionParam(ws, obj, "uuid")
}

// MiddlewarePermissionParam if user has access to obj, check access in golang-gin url by param
func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string) gin.HandlerFunc {
	return func(c *gin.Context) {
		userID, ok := GetCurrentUserID(c)
		if !ok {
			c.Abort()
		}
		objID, err := uuid.Parse(c.Params.ByName(param))
		if err != nil {
			c.JSON(http.StatusUnauthorized, web.HTTPError{
				Message: web.ErrAPIInvalidRequestFormat.Error(),
				Error:   err.Error(),
			})
			c.Abort()
		}
		d, err := obj.HasPermission(ws.DB, userID, objID)
		if err != nil {
			c.JSON(http.StatusUnauthorized, web.HTTPError{
				Message: ErrAPINoPermission.Error(),
				Error:   err.Error(),
			})
			c.Abort()
		}
		if d == nil {
			c.JSON(http.StatusNotFound, web.HTTPError{
				Message: web.ErrAPINotFound.Error(),
			})
			c.Abort()
		}
	}
}
web and database for gin 2021-06-01 10:51:35 +02:00			`package auth`

			`import (`
			`"net/http"`

			`"github.com/gin-gonic/gin"`
			`"github.com/google/uuid"`

			`"dev.sum7.eu/genofire/golang-lib/web"`
			`)`

docs: web/auth module 2021-06-01 18:44:09 +02:00			`// MiddlewareLogin if user id in session for golang-gin`
web and database for gin 2021-06-01 10:51:35 +02:00			`func MiddlewareLogin(ws *web.Service) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`_, ok := GetCurrentUserID(c)`
			`if !ok {`
			`c.Abort()`
			`}`
			`}`
			`}`

docs: web/auth module 2021-06-01 18:44:09 +02:00			`// MiddlewarePermissionParamUUID if user has access to obj, check access by uuid in golang-gin url param uuid`
web and database for gin 2021-06-01 10:51:35 +02:00			`func MiddlewarePermissionParamUUID(ws *web.Service, obj HasPermission) gin.HandlerFunc {`
			`return MiddlewarePermissionParam(ws, obj, "uuid")`
			`}`
docs: web/auth module 2021-06-01 18:44:09 +02:00
			`// MiddlewarePermissionParam if user has access to obj, check access in golang-gin url by param`
web and database for gin 2021-06-01 10:51:35 +02:00			`func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`userID, ok := GetCurrentUserID(c)`
			`if !ok {`
			`c.Abort()`
			`}`
			`objID, err := uuid.Parse(c.Params.ByName(param))`
			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, web.HTTPError{`
web: error as errors 2021-07-22 18:16:05 +02:00			`Message: web.ErrAPIInvalidRequestFormat.Error(),`
web and database for gin 2021-06-01 10:51:35 +02:00			`Error: err.Error(),`
			`})`
			`c.Abort()`
			`}`
web/auth: middleware respone with 404 2021-09-12 22:41:33 +02:00			`d, err := obj.HasPermission(ws.DB, userID, objID)`
web and database for gin 2021-06-01 10:51:35 +02:00			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, web.HTTPError{`
web: error as errors 2021-07-22 18:16:05 +02:00			`Message: ErrAPINoPermission.Error(),`
web and database for gin 2021-06-01 10:51:35 +02:00			`Error: err.Error(),`
			`})`
			`c.Abort()`
			`}`
web/auth: middleware respone with 404 2021-09-12 22:41:33 +02:00			`if d == nil {`
			`c.JSON(http.StatusNotFound, web.HTTPError{`
			`Message: web.ErrAPINotFound.Error(),`
			`})`
			`c.Abort()`
			`}`
web and database for gin 2021-06-01 10:51:35 +02:00			`}`
			`}`