api/middleware/auth.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

package middleware

import (
	"errors"

	"github.com/LMBishop/confplanner/api/dto"
	"github.com/LMBishop/confplanner/pkg/user"
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/session"
)

func RequireAuthenticated(service user.Service, store *session.Store) fiber.Handler {
	return func(c *fiber.Ctx) error {
		s, err := store.Get(c)
		if err != nil {
			return err
		}

		if s.Fresh() || len(s.Keys()) == 0 {
			return &dto.ErrorResponse{
				Code:    fiber.StatusUnauthorized,
				Message: "Unauthorized",
			}
		}

		uid := s.Get("uid").(int32)

		fetchedUser, err := service.GetUserByID(uid)
		if err != nil {
			if errors.Is(err, user.ErrUserNotFound) {
				s.Destroy()
				return &dto.ErrorResponse{
					Code:    fiber.StatusUnauthorized,
					Message: "Invalid session",
				}
			}

			return err
		}

		c.Locals("uid", uid)
		c.Locals("username", fetchedUser.Username)

		return c.Next()
	}
}