cdricms/latosa-escrima
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Starting to implement permissions into frontend

Browse Source
This commit is contained in:
cdricms
2025-01-30 15:50:58 +01:00
parent 8d2214e5dd
commit 0e707e8721
16 changed files with 715 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
backend/api/middlewares.go
View File

@@ -9,8 +9,10 @@ import (
"fr.latosa-escrima/api/users"
core "fr.latosa-escrima/core"
"fr.latosa-escrima/core/models"
"fr.latosa-escrima/utils"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
)
func CORS(next http.Handler) http.Handler {
@@ -78,12 +80,12 @@ func AuthJWT(next http.Handler) http.Handler {
}
// @param methods string -> HttpMethods separated by commas.
func Methods(methods string) core.Middleware {
_methods := strings.Split(strings.ToUpper(methods), ",")
func Methods(methods ...string) core.Middleware {
// _methods := strings.Split(strings.ToUpper(methods), ",")
middleware := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if len(methods) > 0 {
if !utils.Contains(_methods, r.Method) {
if !utils.Contains(methods, r.Method) {
core.JSONError{
Status: core.Error,
Message: "Method is not allowed.",
@@ -98,3 +100,109 @@ func Methods(methods string) core.Middleware {
return middleware
}
// WARNING: For this to work, the Middleware AuthJWT has to be applied after in
// the Middleswares ([]core.Middleware)
//
// This Middleware behaves like a AND on the actions. The user must have all the
// listed actions on this particular resource.
func HasPermissions(resource string, actions ...string) core.Middleware {
var middleware core.Middleware = func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := context.Background()
token, ok := r.Context().Value("token").(*jwt.Token)
if !ok {
core.JSONError{
Status: core.Error,
Message: "Couldn't retrieve your JWT.",
}.Respond(w, http.StatusInternalServerError)
return
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
core.JSONError{
Status: core.Error,
Message: "Invalid token claims.",
}.Respond(w, http.StatusInternalServerError)
return
}
id, err := uuid.Parse(claims["user_id"].(string))
if err != nil {
core.JSONError{
Status: core.Error,
Message: err.Error(),
}.Respond(w, http.StatusInternalServerError)
return
}
var user models.User
count, err := core.DB.NewSelect().Model(&user).
Where("user_id = ?", id).
Relation("Roles.Permissions").
Limit(1).
ScanAndCount(ctx)
if count == 0 {
core.JSONError{
Status: core.Error,
Message: "The user doesn't exist",
}.Respond(w, http.StatusNotFound)
return
}
if err != nil {
core.JSONError{
Status: core.Error,
Message: err.Error(),
}.Respond(w, http.StatusInternalServerError)
return
}
// permissions := utils.MergeArrays(
// utils.Map(user.Roles, func(r models.Role) []models.Permission {
// return r.Permissions
// })...)
//
// for _, action := range actions {
// permission := utils.Find(permissions, func(p models.Permission, i int) bool {
// return resource == p.Resource && action == p.Action
// })
// if permission == nil {
// core.JSONError{
// Status: core.Error,
// Message: fmt.Sprintf("The user doesn't have the proper permission %s:%s", resource, action),
// }.Respond(w, http.StatusUnauthorized)
// return
// }
// }
permissionsSet := make(map[string]struct{}) // Set to store unique permissions
// Populate the set with user's permissions
for _, role := range user.Roles {
for _, perm := range role.Permissions {
key := perm.Resource + ":" + perm.Action
permissionsSet[key] = struct{}{} // Store as a set for fast lookups
}
}
// Check if the user has all required permissions
for _, action := range actions {
key := resource + ":" + action
if _, exists := permissionsSet[key]; !exists {
core.JSONError{
Status: core.Error,
Message: fmt.Sprintf("The user doesn't have the proper permission %s:%s", resource, action),
}.Respond(w, http.StatusUnauthorized)
return
}
}
next.ServeHTTP(w, r)
})
}
return middleware
}