From ae10e121875982d6956d6bff453544cc59a75616 Mon Sep 17 00:00:00 2001 From: Gabriel Arakaki Giovanini Date: Tue, 12 Sep 2023 18:37:30 +0200 Subject: feat: Add admin control Now only admins can access settings. --- pkg/ext/middleware.go | 47 ++++++++++++++++++++++++++++++++++------------- pkg/ext/responses.go | 4 ++-- 2 files changed, 36 insertions(+), 15 deletions(-) (limited to 'pkg/ext') diff --git a/pkg/ext/middleware.go b/pkg/ext/middleware.go index 061cf7c..6a94c4f 100644 --- a/pkg/ext/middleware.go +++ b/pkg/ext/middleware.go @@ -20,9 +20,17 @@ func HTML(next http.HandlerFunc) http.HandlerFunc { } } -type LogMiddleware struct { - entry *logrus.Entry -} +type ( + User string + + LogMiddleware struct { + entry *logrus.Entry + } +) + +const ( + UserKey User = "user" +) func NewLogMiddleare(log *logrus.Entry) *LogMiddleware { return &LogMiddleware{ @@ -43,14 +51,20 @@ func (l *LogMiddleware) HTTP(next http.HandlerFunc) http.HandlerFunc { } type AuthMiddleware struct { - key []byte - entry *logrus.Entry + key []byte + entry *logrus.Entry + userRepository repository.UserRepository } -func NewAuthMiddleware(key []byte, log *logrus.Entry) *AuthMiddleware { +func NewAuthMiddleware( + key []byte, + log *logrus.Entry, + userRepository repository.UserRepository, +) *AuthMiddleware { return &AuthMiddleware{ - key: key, - entry: log.WithField("context", "auth"), + key: key, + entry: log.WithField("context", "auth"), + userRepository: userRepository, } } @@ -82,7 +96,14 @@ func (a *AuthMiddleware) LoggedIn(next http.HandlerFunc) http.HandlerFunc { http.Redirect(w, r, redirectLogin, http.StatusTemporaryRedirect) return } - r = r.WithContext(context.WithValue(r.Context(), service.TokenKey, token)) + + user, err := a.userRepository.Get(r.Context(), token.UserID) + if err != nil { + a.entry.Error(err) + return + } + + r = r.WithContext(context.WithValue(r.Context(), UserKey, user)) a.entry. WithField("userID", token.UserID). WithField("username", token.Username). @@ -91,9 +112,9 @@ func (a *AuthMiddleware) LoggedIn(next http.HandlerFunc) http.HandlerFunc { } } -func GetTokenFromCtx(r *http.Request) *service.Token { - tokenValue := r.Context().Value(service.TokenKey) - if token, ok := tokenValue.(*service.Token); ok { +func GetUserFromCtx(r *http.Request) *repository.User { + tokenValue := r.Context().Value(UserKey) + if token, ok := tokenValue.(*repository.User); ok { return token } return nil @@ -113,7 +134,7 @@ func (i *InitialSetupMiddleware) Check(next http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // if user has been set to context it is logged in already - token := GetTokenFromCtx(r) + token := GetUserFromCtx(r) if token != nil { next(w, r) return diff --git a/pkg/ext/responses.go b/pkg/ext/responses.go index 34e5f27..d8941e8 100644 --- a/pkg/ext/responses.go +++ b/pkg/ext/responses.go @@ -10,12 +10,12 @@ import ( func NotFound(w http.ResponseWriter) { templates.WritePageTemplate(w, &templates.ErrorPage{ Err: "Not Found", - }) + }, false) } func InternalServerError(w http.ResponseWriter, err error) { w.WriteHeader(http.StatusInternalServerError) templates.WritePageTemplate(w, &templates.ErrorPage{ Err: fmt.Sprintf("Internal Server Error:\n%s", err.Error()), - }) + }, false) } -- cgit v1.2.3