Add middleware for AdminRouter and added IsAdmin function
This commit is contained in:
parent
29dd3bb2bb
commit
9d813bfd43
13
handlers.go
13
handlers.go
|
@ -28,12 +28,13 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
|
|||
}
|
||||
|
||||
type UserClaims struct {
|
||||
Email string `json:"email"`
|
||||
Verified bool `json:"email_verified"`
|
||||
Name string `json:"given_name"`
|
||||
Username string `json:"cognito:username"`
|
||||
Picture string `json:"picture"`
|
||||
Sub string `json:"sub"`
|
||||
Email string `json:"email"`
|
||||
Verified bool `json:"email_verified"`
|
||||
Name string `json:"given_name"`
|
||||
Username string `json:"cognito:username"`
|
||||
Picture string `json:"picture"`
|
||||
Sub string `json:"sub"`
|
||||
Groups []string `json:"cognito:groups"`
|
||||
}
|
||||
|
||||
func generateState() (string, error) {
|
||||
|
|
|
@ -85,6 +85,31 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
|
|||
})
|
||||
}
|
||||
|
||||
// IsAdmin Checks if admin group is present
|
||||
func IsAdmin(groups []string) bool {
|
||||
for _, group := range groups {
|
||||
if group == "admin" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
|
||||
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
userOptional := r.Context().Value(userContextKey)
|
||||
if userOptional != nil {
|
||||
user := userOptional.(UserClaims)
|
||||
if IsAdmin(user.Groups) {
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
})
|
||||
}
|
||||
|
||||
func GetUserFromContext(r *http.Request) *UserClaims {
|
||||
userOptional := r.Context().Value(userContextKey)
|
||||
if userOptional != nil {
|
||||
|
|
Loading…
Reference in New Issue