| author | Leonardo Bishop <me@leonardobishop.com> | 2025-08-23 22:29:28 +0100 |
|---|---|---|
| committer | Leonardo Bishop <me@leonardobishop.com> | 2025-08-23 22:29:28 +0100 |
| commit | ecc6a55aba7bb35fc778e7a53848396b88214151 (patch) | |
| tree | 1b37a2dc5f4594155114da1ae0c4529d20a4c548 /api/middleware | |
| parent | 8f7dec8ba6b2f9bde01afd0a110596ebbd43e0ed (diff) | |
Add multiple conferences feature
Diffstat (limited to 'api/middleware')
| -rw-r--r-- | api/middleware/admin.go | 27 | ||||
| -rw-r--r-- | api/middleware/auth.go | 38 |
2 files changed, 57 insertions, 8 deletions
diff --git a/api/middleware/admin.go b/api/middleware/admin.go
new file mode 100644
index 0000000..fd43cd6
--- /dev/null
+++ b/api/middleware/admin.go
@@ -0,0 +1,27 @@
+package middleware
+
+import (
+ "net/http"
+
+ "github.com/LMBishop/confplanner/api/dto"
+ "github.com/LMBishop/confplanner/pkg/session"
+ "github.com/LMBishop/confplanner/pkg/user"
+)
+
+func MustAuthoriseAdmin(service user.Service, store session.Service) func(http.HandlerFunc) http.HandlerFunc {
+ return func(next http.HandlerFunc) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ session := r.Context().Value("session").(*session.UserSession)
+
+ if !session.Admin {
+ dto.WriteDto(w, r, &dto.ErrorResponse{
+ Code: http.StatusForbidden,
+ Message: "Forbidden",
+ })
+ return
+ }
+
+ next(w, r)
+ }
+ }
+}
diff --git a/api/middleware/auth.go b/api/middleware/auth.go
index eb362b0..438a8a1 100644
--- a/api/middleware/auth.go
+++ b/api/middleware/auth.go
@@ -3,7 +3,9 @@ package middleware
 import (
 "context"
 "errors"
+ "fmt"
 "net/http"
+ "strings"
 
 "github.com/LMBishop/confplanner/api/dto"
 "github.com/LMBishop/confplanner/pkg/session"
@@ -13,15 +15,17 @@ import (
 func MustAuthenticate(service user.Service, store session.Service) func(http.HandlerFunc) http.HandlerFunc {
 return func(next http.HandlerFunc) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
- var sessionToken string
- for _, cookie := range r.Cookies() {
- if cookie.Name == "confplanner_session" {
- sessionToken = cookie.Value
- break
- }
+ authHeader := r.Header.Get("Authorization")
+ token, err := extractBearerToken(authHeader)
+ if err != nil {
+ dto.WriteDto(w, r, &dto.ErrorResponse{
+ Code: http.StatusUnauthorized,
+ Message: "Unauthorized",
+ })
+ return
 }
- s := store.GetByToken(sessionToken)
+ s := store.GetByToken(token)
 if s == nil {
 dto.WriteDto(w, r, &dto.ErrorResponse{
 Code: http.StatusUnauthorized,
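Review bot: The single-value type assertion `session := r.Context().Value("session").(*session.UserSession)` in MustAuthoriseAdmin panics whenever the handler is mounted without MustAuthenticate ahead of it (or a different value type ends up under that key), so a route misconfiguration becomes a crash instead of a clean rejection; use the two-value form, `s, ok := r.Context().Value("session").(*session.UserSession)` followed by `if !ok || s == nil { dto.WriteDto(w, r, &dto.ErrorResponse{Code: http.StatusUnauthorized, Message: "Unauthorized"}); return }`. Naming the local `session` also shadows the imported `session` package for the rest of the handler, which `s` avoids. The `service` and `store` parameters are never read in this function; either drop them or add a comment saying the signature deliberately mirrors MustAuthenticate. As an exported function it should carry a doc comment, e.g. `// MustAuthoriseAdmin rejects the request with 403 unless the session that MustAuthenticate stored in the context has Admin set.`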
@@ -30,7 +34,7 @@ func MustAuthenticate(service user.Service, store session.Service) func(http.Han
 return
 }
- _, err := service.GetUserByID(s.UserID)
+ u, err := service.GetUserByID(s.UserID)
 if err != nil {
 if errors.Is(err, user.ErrUserNotFound) {
 store.Destroy(s.SessionID)
@@ -44,9 +48,27 @@ func MustAuthenticate(service user.Service, store session.Service) func(http.Han
 return
 }
+ s.Username = u.Username
+ s.Admin = u.Admin
+
 ctx := context.WithValue(r.Context(), "session", s)
 next(w, r.WithContext(ctx))
 }
 }
 }
+
+func extractBearerToken(header string) (string, error) {
+ const prefix = "Bearer "
+ if header == "" {
+ return "", fmt.Errorf("authorization header missing")
+ }
+ if !strings.HasPrefix(header, prefix) {
+ return "", fmt.Errorf("invalid authorization scheme")
+ }
+ token := strings.TrimSpace(header[len(prefix):])
+ if token == "" {
+ return "", fmt.Errorf("token is empty")
+ }
+ return token, nil
+}
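Review bot: The three `fmt.Errorf` calls in extractBearerToken carry no format verbs, and the only caller discards the message and maps every failure to the same 401, so `errors.New` (already imported in this file) or package-level sentinels such as `var errMissingAuthHeader = errors.New("authorization header missing")` would do the job and let the newly added `fmt` import go. `strings.HasPrefix(header, "Bearer ")` compares the scheme case-sensitively, whereas RFC 9110 treats the auth-scheme token as case-insensitive, so a client sending `bearer <token>` is rejected; if that strictness is intended, a one-line comment saying so would help, otherwise check the length and compare with `strings.EqualFold(header[:len(prefix)], prefix)`. The writes `s.Username = u.Username` and `s.Admin = u.Admin` mutate the value returned by `store.GetByToken`; if that is a pointer into the store's own state rather than a copy, concurrent requests carrying the same token race on these fields — worth confirming against the session package, which is not visible here. MustAuthenticate starts outside this hunk.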
