luiz
/
cauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cauth/middleware.go

123 lines
2.8 KiB
Go
Raw Normal View History

v0.1.0
2024-10-26 10:27:18 +00:00
package cauth
import (
"context"
"github.com/lestrrat-go/jwx/jwk"
"log"
"net/http"
)
type contextKey string
const userContextKey = contextKey("user")
type Middleware struct {
s SessionStorer
ck jwk.Set
}
func NewMiddleware(s SessionStorer, cognitoUrl string) *Middleware {
cognitoKeySet, err := jwk.Fetch(context.Background(), cognitoUrl)
if err != nil {
log.Fatal(err)
}
return &Middleware{s, cognitoKeySet}
}
func (m *Middleware) AddUserInfo(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := m.s.Get(r)
if err != nil {
next.ServeHTTP(w, r)
return
}
token := session.Values["access_token"]
if token == "" || token == nil {
next.ServeHTTP(w, r)
return
}
userInfo := session.Values["user_info"]
ctx := context.WithValue(r.Context(), userContextKey, userInfo)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
Add option for protected router with statuscode
2024-10-27 14:27:53 +00:00
// ProtectedRoute Checks if session and token are present, if not return a 401 response
v0.1.0
2024-10-26 10:27:18 +00:00
func (m *Middleware) ProtectedRoute(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := m.s.Get(r)
if err != nil {
Add option for protected router with statuscode
2024-10-27 14:27:53 +00:00
w.WriteHeader(http.StatusUnauthorized)
v0.1.0
2024-10-26 10:27:18 +00:00
return
}
token := session.Values["access_token"]
if token == "" || token == nil {
Add option for protected router with statuscode
2024-10-27 14:27:53 +00:00
w.WriteHeader(http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
})
}
// ProtectedRouteWithRedirect Checks if session and token are present, if not return a redirect to /login
func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := m.s.Get(r)
if err != nil {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
token := session.Values["access_token"]
if token == "" || token == nil {
http.Redirect(w, r, "/login", http.StatusSeeOther)
v0.1.0
2024-10-26 10:27:18 +00:00
return
}
next.ServeHTTP(w, r)
})
}
Add middleware for AdminRouter and added IsAdmin function
2024-11-24 15:50:11 +00:00
// IsAdmin Checks if admin group is present
func IsAdmin(groups []string) bool {
for _, group := range groups {
if group == "admin" {
return true
}
}
return false
}
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userOptional := r.Context().Value(userContextKey)
if userOptional != nil {
user := userOptional.(UserClaims)
if IsAdmin(user.Groups) {
next.ServeHTTP(w, r)
Added missing return statement
2024-11-24 16:47:22 +00:00
return
Add middleware for AdminRouter and added IsAdmin function
2024-11-24 15:50:11 +00:00
}
}
http.Error(w, "Forbidden", http.StatusForbidden)
})
}
v0.1.0
2024-10-26 10:27:18 +00:00
func GetUserFromContext(r *http.Request) *UserClaims {
userOptional := r.Context().Value(userContextKey)
if userOptional != nil {
user := userOptional.(UserClaims)
return &user
}
return &UserClaims{}
}