Startsida Utforska Hjälp
Logga in
byop
/
byop-engine
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 14dae9b6ac
Grenar Taggar
byop-engine
/
middleware
/
auth.go

auth.go 2.2 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package middleware
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"net/http"
    6. 

  6. 

  7. 	"git.linuxforward.com/byop/byop-engine/auth"
    8. 

  8. 	"github.com/gin-gonic/gin"
    9. 

  9. 	"github.com/golang-jwt/jwt/v5"
    10. 

  10. )
    11. 

  11. 

  12. // debugMode is a flag to enable or disable debug logging
    13. 

  13. var debug = true
    14. 

  14. 

  15. // JWT secret key - in production, this should be loaded from environment variables
    16. 

  16. var jwtSecret = []byte("your-secret-key-here")
    17. 

  17. 

  18. // Claims represents the JWT claims
    19. 

  19. type Claims struct {
    20. 

  20. 	UserID string `json:"user_id"`
    21. 

  21. 	Role   string `json:"role"`
    22. 

  22. 	jwt.RegisteredClaims
    23. 

  23. }
    24. 

  24. 

  25. // Auth middleware that accepts the auth service as dependency
    26. 

  26. func Auth(authService auth.Service) gin.HandlerFunc {
    27. 

  27. 	if debug {
    28. 

  28. 		return func(c *gin.Context) {
    29. 

  29. 			c.Set("clientID", "debug_user")
    30. 

  30. 			c.Set("user_id", "debug_user")
    31. 

  31. 			c.Set("role", "admin")
    32. 

  32. 			c.Next()
    33. 

  33. 		}
    34. 

  34. 	}
    35. 

  35. 	return func(c *gin.Context) {
    36. 

  36. 		// Get token from request
    37. 

  37. 		token := extractTokenFromHeader(c)
    38. 

  38. 		if token == "" {
    39. 

  39. 			c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
    40. 

  40. 			c.Abort()
    41. 

  41. 			return
    42. 

  42. 		}
    43. 

  43. 

  44. 		// Validate token using the auth service
    45. 

  45. 		clientID, err := authService.ValidateToken(c.Request.Context(), token)
    46. 

  46. 		if err != nil {
    47. 

  47. 			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
    48. 

  48. 			c.Abort()
    49. 

  49. 			return
    50. 

  50. 		}
    51. 

  51. 

  52. 		// Set client ID in context for later use
    53. 

  53. 		c.Set("clientID", clientID)
    54. 

  54. 		c.Next()
    55. 

  55. 	}
    56. 

  56. }
    57. 

  57. 

  58. // GetUserIDFromContext retrieves the user ID from the request context
    59. 

  59. func GetUserIDFromContext(ctx context.Context) string {
    60. 

  60. 	userID, ok := ctx.Value("user_id").(string)
    61. 

  61. 	if !ok {
    62. 

  62. 		return ""
    63. 

  63. 	}
    64. 

  64. 	return userID
    65. 

  65. }
    66. 

  66. 

  67. // GetRoleFromContext retrieves the user role from the request context
    68. 

  68. func GetRoleFromContext(ctx context.Context) string {
    69. 

  69. 	role, ok := ctx.Value("role").(string)
    70. 

  70. 	if !ok {
    71. 

  71. 		return ""
    72. 

  72. 	}
    73. 

  73. 	return role
    74. 

  74. }
    75. 

  75. 

  76. // IsAdmin checks if the user in the context has admin role
    77. 

  77. func IsAdmin(ctx context.Context) bool {
    78. 

  78. 	role := GetRoleFromContext(ctx)
    79. 

  79. 	return role == "admin"
    80. 

  80. }
    81. 

  81. 

  82. // extractTokenFromHeader gets the JWT token from the Authorization header
    83. 

  83. func extractTokenFromHeader(c *gin.Context) string {
    84. 

  84. 	authHeader := c.GetHeader("Authorization")
    85. 

  85. 	if authHeader == "" {
    86. 

  86. 		return ""
    87. 

  87. 	}
    88. 

  88. 

  89. 	// Check if the header has the format "Bearer <token>"
    90. 

  90. 	if len(authHeader) > 7 && authHeader[:7] == "Bearer " {
    91. 

  91. 		return authHeader[7:]
    92. 

  92. 	}
    93. 

  93. 

  94. 	return ""
    95. 

  95. }
    96.