Merge pull request 'Add middleware for AdminRouter and added IsAdmin function' (#5) from feature/admin into main
Reviewed-on: #5
This commit is contained in:
commit
43c2abf138
13
handlers.go
13
handlers.go
|
@ -28,12 +28,13 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserClaims struct {
|
type UserClaims struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Verified bool `json:"email_verified"`
|
Verified bool `json:"email_verified"`
|
||||||
Name string `json:"given_name"`
|
Name string `json:"given_name"`
|
||||||
Username string `json:"cognito:username"`
|
Username string `json:"cognito:username"`
|
||||||
Picture string `json:"picture"`
|
Picture string `json:"picture"`
|
||||||
Sub string `json:"sub"`
|
Sub string `json:"sub"`
|
||||||
|
Groups []string `json:"cognito:groups"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateState() (string, error) {
|
func generateState() (string, error) {
|
||||||
|
|
|
@ -85,6 +85,31 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsAdmin Checks if admin group is present
|
||||||
|
func IsAdmin(groups []string) bool {
|
||||||
|
for _, group := range groups {
|
||||||
|
if group == "admin" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
|
||||||
|
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
userOptional := r.Context().Value(userContextKey)
|
||||||
|
if userOptional != nil {
|
||||||
|
user := userOptional.(UserClaims)
|
||||||
|
if IsAdmin(user.Groups) {
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func GetUserFromContext(r *http.Request) *UserClaims {
|
func GetUserFromContext(r *http.Request) *UserClaims {
|
||||||
userOptional := r.Context().Value(userContextKey)
|
userOptional := r.Context().Value(userContextKey)
|
||||||
if userOptional != nil {
|
if userOptional != nil {
|
||||||
|
|
Loading…
Reference in New Issue