feat: add auth to swagerr add middleware for check admin

2026-02-14 16:26:27 +03:00
parent 05a8f0cbc7
commit 7e4dbd7e56
6 changed files with 123 additions and 3 deletions
--- a/backend/internal/auth/jwt.go
+++ b/backend/internal/auth/jwt.go
@@ -16,6 +16,7 @@ func GenerateJWT(user storage.User) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
 		"id":        user.ID,
 		"email":     user.Email,
+		"login":     user.GithubLogin,
 		"github_id": user.GithubID,
 	})
 	tokenString, err := token.SignedString(jwtSecret)
@@ -35,7 +36,6 @@ func JWTMiddleware() gin.HandlerFunc {

 		tokenString := strings.TrimPrefix(auth, "Bearer ")
 		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-
 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 			}
@@ -53,8 +53,63 @@ func JWTMiddleware() gin.HandlerFunc {
 			return
 		}

-		c.Set("user_id", int(claims["id"].(float64)))
-		c.Set("login", claims["login"].(string))
+		idValue, idExists := claims["id"]
+		if !idExists {
+			c.AbortWithStatusJSON(401, gin.H{"error": "missing id in token"})
+			return
+		}
+
+		idFloat, ok := idValue.(float64)
+		if !ok {
+			c.AbortWithStatusJSON(401, gin.H{"error": "invalid id type in token"})
+			return
+		}
+
+		githubIDValue, githubExists := claims["github_id"]
+		if !githubExists {
+			c.AbortWithStatusJSON(401, gin.H{"error": "missing github_id in token"})
+			return
+		}
+
+		githubIDFloat, ok := githubIDValue.(float64)
+		if !ok {
+			c.AbortWithStatusJSON(401, gin.H{"error": "invalid github_id type in token"})
+			return
+		}
+
+		loginValue, loginExists := claims["login"]
+		if !loginExists {
+			c.AbortWithStatusJSON(401, gin.H{"error": "missing login in token"})
+			return
+		}
+
+		login, ok := loginValue.(string)
+		if !ok {
+			c.AbortWithStatusJSON(401, gin.H{"error": "invalid login type in token"})
+			return
+		}
+
+		c.Set("user_id", int(idFloat))
+		c.Set("github_id", int(githubIDFloat))
+		c.Set("login", login)
+		c.Next()
+	}
+}
+
+func RequireAdmin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		githubID, exists := c.Get("github_id")
+		if !exists {
+			c.AbortWithStatusJSON(401, gin.H{"error": "unauthorized"})
+			return
+		}
+
+		id := githubID.(int)
+		if id != 173489813 {
+			c.AbortWithStatusJSON(403, gin.H{"error": "access denied"})
+			return
+		}
+
 		c.Next()
 	}
 }
--- a/backend/internal/handlers/post_handlers.go
+++ b/backend/internal/handlers/post_handlers.go
@@ -95,6 +95,7 @@ func (h *PostHandlers) GetPost(c *gin.Context) {
 // @Accept json
 // @Produce json
 // @Param post body storage.PostCreate true "Post data"
+// @Security Bearer
 // @Success 200 {object} models.SuccessResponse{data=storage.Post}
 // @Failure 400 {object} models.ErrorResponse "Invalid request"
 // @Router /posts [post]
@@ -127,6 +128,7 @@ func (h *PostHandlers) CreatePost(c *gin.Context) {
 // @Param id path int true "Post ID"
 // @Param post body storage.PostCreate true "Post data"
 // @Produce  json
+// @Security Bearer
 // @Success 200 {object} models.SuccessResponse{data=storage.PostCreate}
 // @Failure 400 {object} models.ErrorResponse "Invalid ID format"
 // @Failure 500 {object} models.ErrorResponse "Internal server error"
@@ -162,6 +164,7 @@ func (h *PostHandlers) UpdatePost(c *gin.Context) {
 // @Param id path int true "Post ID"
 // @Accept  json
 // @Produce  json
+// @Security Bearer
 // @Failure 404 {object} models.ErrorResponse "Post not found"
 // @Failure 400 {object} models.ErrorResponse "Invalid ID format"
 // @Failure 500 {object} models.ErrorResponse "Internal server error"