golang-lib/web/auth/middleware.go

package auth

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/google/uuid"

	"dev.sum7.eu/genofire/golang-lib/web"
)

func MiddlewareLogin(ws *web.Service) gin.HandlerFunc {
	return func(c *gin.Context) {
		_, ok := GetCurrentUserID(c)
		if !ok {
			c.Abort()
		}
	}
}

func MiddlewarePermissionParamUUID(ws *web.Service, obj HasPermission) gin.HandlerFunc {
	return MiddlewarePermissionParam(ws, obj, "uuid")
}
func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string) gin.HandlerFunc {
	return func(c *gin.Context) {
		userID, ok := GetCurrentUserID(c)
		if !ok {
			c.Abort()
		}
		objID, err := uuid.Parse(c.Params.ByName(param))
		if err != nil {
			c.JSON(http.StatusUnauthorized, web.HTTPError{
				Message: web.APIErrorInvalidRequestFormat,
				Error:   err.Error(),
			})
			c.Abort()
		}
		_, err = obj.HasPermission(ws.DB, userID, objID)
		if err != nil {
			c.JSON(http.StatusUnauthorized, web.HTTPError{
				Message: http.StatusText(http.StatusUnauthorized),
				Error:   err.Error(),
			})
			c.Abort()
		}
	}
}