HellreigN/backend/internal/handlers/middlewares.go
d3m0k1d 8ab7fbc6b2
chore: add auth logic
2026-04-04 01:12:49 +03:00


package handlers
import (
"net/http"
"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/repository"
"github.com/gin-gonic/gin"
)
// TokenContextKey is the named string type of the key under which the
// authenticated token record is kept in the request context.
type TokenContextKey string
// tokenContextKey is the key AuthMiddleware writes and RequirePermission reads.
// Both convert it with string(...) before calling c.Set / c.Get, so the record
// is effectively stored under the plain string "token"; the named type does not
// stop another handler that uses the same string from overwriting the entry.
const tokenContextKey TokenContextKey = "token"
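// AuthMiddleware returns a gin handler that authenticates a request by the
// token carried in its headers.
//
// The token string is obtained from getTokenFromHeader and looked up through
// ag.Repo.GetToken. On success the returned record is stored in the gin context
// under tokenContextKey and the handler chain continues. A missing token, a
// lookup error, or a nil record aborts the request with 401.
func (ag *AuthGroup) AuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		token := getTokenFromHeader(c)
		if token == "" {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing authorization header"})
			return
		}

		// Look up the token record by the presented value.
		// NOTE(review): no expiry or revocation check is visible in this
		// handler; confirm GetToken enforces both.
		// NOTE(review): any lookup error, including a storage failure, is
		// reported to the client as "invalid token"; confirm that is intended.
		tokens, err := ag.Repo.GetToken(token)
		if err != nil || tokens == nil {
			// Fail closed on a nil record as well: GetToken's behaviour for an
			// unknown token is not visible here, and a (nil, nil) result must
			// never be treated as an authenticated request.
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
			return
		}

		c.Set(string(tokenContextKey), tokens)
		c.Next()
	}
}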
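// RequirePermission returns a gin handler that authorises a request against
// the token record stored in the context under tokenContextKey.
//
// check receives the stored *repository.Tokens and reports whether the request
// may proceed. The request is aborted with 403 when no record is present in the
// context (nothing earlier in the chain set it), when the stored value is not a
// non-nil *repository.Tokens, or when check returns false.
func RequirePermission(check func(*repository.Tokens) bool) gin.HandlerFunc {
	return func(c *gin.Context) {
		tokenVal, exists := c.Get(string(tokenContextKey))
		if !exists {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "authentication required"})
			return
		}

		token, ok := tokenVal.(*repository.Tokens)
		if !ok || token == nil {
			// A typed nil pointer passes the type assertion; reject it here so
			// that check never dereferences nil and the request is denied
			// instead of panicking inside the permission callback.
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "invalid token context"})
			return
		}

		if !check(token) {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "insufficient permissions"})
			return
		}

		c.Next()
	}
}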
// RequireView returns a handler that lets a request through only when the
// token record in the context has PermissionView set. It delegates to
// RequirePermission, which reads the record stored under tokenContextKey.
func RequireView() gin.HandlerFunc {
	canView := func(tok *repository.Tokens) bool {
		return tok.PermissionView
	}
	return RequirePermission(canView)
}
// RequireManageAgent returns a handler that lets a request through only when
// the token record in the context has PermissionManage set. It delegates to
// RequirePermission, which reads the record stored under tokenContextKey.
func RequireManageAgent() gin.HandlerFunc {
	canManage := func(tok *repository.Tokens) bool {
		return tok.PermissionManage
	}
	return RequirePermission(canManage)
}
// RequireAdmin returns a handler that lets a request through only when the
// token record in the context has PermissionAdmin set. It delegates to
// RequirePermission, which reads the record stored under tokenContextKey.
func RequireAdmin() gin.HandlerFunc {
	isAdmin := func(tok *repository.Tokens) bool {
		return tok.PermissionAdmin
	}
	return RequirePermission(isAdmin)
}