Compare commits
2 Commits
29dd3bb2bb
...
43c2abf138
Author | SHA1 | Date |
---|---|---|
luiz | 43c2abf138 | |
Luiz Vasconcelos | 9d813bfd43 |
|
@ -34,6 +34,7 @@ type UserClaims struct {
|
|||
Username string `json:"cognito:username"`
|
||||
Picture string `json:"picture"`
|
||||
Sub string `json:"sub"`
|
||||
Groups []string `json:"cognito:groups"`
|
||||
}
|
||||
|
||||
func generateState() (string, error) {
|
||||
|
|
|
@ -85,6 +85,31 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
|
|||
})
|
||||
}
|
||||
|
||||
// IsAdmin Checks if admin group is present
|
||||
func IsAdmin(groups []string) bool {
|
||||
for _, group := range groups {
|
||||
if group == "admin" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
|
||||
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
userOptional := r.Context().Value(userContextKey)
|
||||
if userOptional != nil {
|
||||
user := userOptional.(UserClaims)
|
||||
if IsAdmin(user.Groups) {
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
})
|
||||
}
|
||||
|
||||
func GetUserFromContext(r *http.Request) *UserClaims {
|
||||
userOptional := r.Context().Value(userContextKey)
|
||||
if userOptional != nil {
|
||||
|
|
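Review bot: In `AdminProtectedRoute` the admin branch calls `next.ServeHTTP(w, r)` and then falls through to `http.Error(w, "Forbidden", http.StatusForbidden)`, because nothing returns after the call. An admin's response therefore gets the 403 body appended and a superfluous WriteHeader logged, so add `return` on the line after `next.ServeHTTP(w, r)`. The unchecked assertion `userOptional.(UserClaims)` panics if the context holds any other type; `GetUserFromContext` returns `*UserClaims`, so confirm which form is stored and prefer `user, ok := userOptional.(UserClaims)`, answering 403 when `!ok` so the failure stays closed. The group check is only as trustworthy as the token verification that filled `userContextKey`, which is not visible in this hunk, so a doc comment on `AdminProtectedRoute` should state that it must be chained after the authenticating middleware. `GetUserFromContext` continues outside the hunk.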