luiz
/
cauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: luiz:43c2abf1386812b488ee1a7e2620135ddc8f727e
Branches Tags
luiz:main
luiz:feature/admin
luiz:v1.3.1
luiz:v1.3.0
luiz:v1.2.1
luiz:v1.2.0
luiz:v1.1.0
luiz:v1.0.0
luiz:v0.2.0
luiz:v0.1.0
..
compare: luiz:29dd3bb2bbb7cc5f6ad58b847309585815840d6e
Branches Tags
luiz:main
luiz:feature/admin
luiz:v1.3.1
luiz:v1.3.0
luiz:v1.2.1
luiz:v1.2.0
luiz:v1.1.0
luiz:v1.0.0
luiz:v0.2.0
luiz:v0.1.0

No commits in common. "43c2abf1386812b488ee1a7e2620135ddc8f727e" and "29dd3bb2bbb7cc5f6ad58b847309585815840d6e" have entirely different histories.
43c2abf138 ... 29dd3bb2bb

2 changed files with 6 additions and 32 deletions
Show Stats Expand all files Collapse all files

13
handlers.go
View File

@ -28,13 +28,12 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
} }
type UserClaims struct { type UserClaims struct {
Email string `json:"email"` Email string `json:"email"`
Verified bool `json:"email_verified"` Verified bool `json:"email_verified"`
Name string `json:"given_name"` Name string `json:"given_name"`
Username string `json:"cognito:username"` Username string `json:"cognito:username"`
Picture string `json:"picture"` Picture string `json:"picture"`
Sub string `json:"sub"` Sub string `json:"sub"`
Groups []string `json:"cognito:groups"`
} }
func generateState() (string, error) { func generateState() (string, error) {

25
middleware.go
View File

@ -85,31 +85,6 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
}) })
} }
// IsAdmin Checks if admin group is present
func IsAdmin(groups []string) bool {
for _, group := range groups {
if group == "admin" {
return true
}
}
return false
}
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userOptional := r.Context().Value(userContextKey)
if userOptional != nil {
user := userOptional.(UserClaims)
if IsAdmin(user.Groups) {
next.ServeHTTP(w, r)
}
}
http.Error(w, "Forbidden", http.StatusForbidden)
})
}
func GetUserFromContext(r *http.Request) *UserClaims { func GetUserFromContext(r *http.Request) *UserClaims {
userOptional := r.Context().Value(userContextKey) userOptional := r.Context().Value(userContextKey)
if userOptional != nil { if userOptional != nil {