1 parent
68f9305
commit 25b0196
Showing
11 changed files
with
139 additions
and
277 deletions.
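--- /dev/null
+++ b/<path not shown on page: package middleware file>
@@ -0,0 +1,85 @@
+package middleware
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/isaqueveras/powersso/config"
+	"github.com/isaqueveras/powersso/domain/auth"
+	"github.com/isaqueveras/powersso/tokens"
+)
+
+// Session models the session data
+type Session struct {
+	SessionID string
+	UserID string
+	UserLevel string
+	FirstName string
+}
+
+// GetSession gets the session data from the context
+func GetSession(ctx *gin.Context) *Session {
+	session, ok := ctx.Get("SESSION")
+	if !ok {
+		ctx.AbortWithStatus(http.StatusUnauthorized)
+		return nil
+	}
+
+	value := session.(jwt.MapClaims)
+	return &Session{
+		SessionID: value["SessionID"].(string),
+		UserID: value["UserID"].(string),
+		UserLevel: value["UserLevel"].(string),
+		FirstName: value["FirstName"].(string),
+	}
+}
+
+// Auth is a middleware to check if the user is authorized to access the resource
+func Auth() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		var token string
+		if token = ctx.GetHeader("Authorization"); token == "" || len(token) < 30 {
+			ctx.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		if claims := tokens.ParseJWT(token[7:], config.Get().GetSecrets()); claims != nil {
+			ctx.Set("UID", claims["UserID"])
+			ctx.Set("SESSION", claims)
+			return
+		}
+
+		ctx.AbortWithStatus(http.StatusUnauthorized)
+	}
+}
+
+// OnlyAdmin check if the user is an administrator
+func OnlyAdmin() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		if GetSession(ctx).UserLevel != string(auth.AdminLevel) {
+			session := GetSession(ctx)
+			log.Printf("WARNING: user (%v - %v) tried to access user tried to access route for administrators only", session.UserID, session.FirstName)
+			ctx.AbortWithStatus(http.StatusForbidden)
+			return
+		}
+		ctx.Next()
+	}
+}
+
+// Yourself validates if the logged in user is the same as the request
+func Yourself() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		session := GetSession(ctx)
+		userIn := ctx.Param("user_uuid")
+
+		if session.UserID != userIn {
+			log.Printf("WARNING: user (%v - %v) tried to access information for user (%v)", session.UserID, session.FirstName, userIn)
+			ctx.AbortWithStatus(http.StatusForbidden)
+			return
+		}
+
+		ctx.Next()
+	}
+}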
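Review bot: OnlyAdmin and Yourself dereference the result of GetSession without a nil check, yet GetSession returns nil right after aborting with 401, so a request that reaches either middleware without a "SESSION" value (a route wired without Auth, for instance) ends in a nil-pointer panic instead of the intended 401; OnlyAdmin additionally calls GetSession twice and its warning text repeats "tried to access". GetSession itself uses single-value type assertions on `session` and on each claim, so a token that is validly signed but lacks one of those claims, or carries a non-string value, panics the handler rather than being rejected. Auth slices `token[7:]` without confirming the `Bearer ` scheme and relies on an arbitrary `len(token) < 30` bound; `strings.CutPrefix(token, "Bearer ")` (Go 1.20+) would make the scheme check explicit. The sketch below guards the nil case in OnlyAdmin and switches GetSession to two-value assertions; Yourself needs the same `if session == nil { return }` guard after its GetSession call.
```go
// GetSession gets the session data from the context
func GetSession(ctx *gin.Context) *Session {
	session, ok := ctx.Get("SESSION")
	if !ok {
		ctx.AbortWithStatus(http.StatusUnauthorized)
		return nil
	}

	// A missing or non-string claim must not panic the handler;
	// treat it as an unauthenticated request instead.
	value, ok := session.(jwt.MapClaims)
	if !ok {
		ctx.AbortWithStatus(http.StatusUnauthorized)
		return nil
	}
	claim := func(name string) (string, bool) {
		s, ok := value[name].(string)
		return s, ok
	}
	sessionID, ok1 := claim("SessionID")
	userID, ok2 := claim("UserID")
	userLevel, ok3 := claim("UserLevel")
	firstName, ok4 := claim("FirstName")
	if !(ok1 && ok2 && ok3 && ok4) {
		ctx.AbortWithStatus(http.StatusUnauthorized)
		return nil
	}
	return &Session{SessionID: sessionID, UserID: userID, UserLevel: userLevel, FirstName: firstName}
}

// … unchanged: Auth …

// OnlyAdmin check if the user is an administrator
func OnlyAdmin() gin.HandlerFunc {
	return func(ctx *gin.Context) {
		session := GetSession(ctx)
		if session == nil {
			return // GetSession already aborted with 401
		}
		if session.UserLevel != string(auth.AdminLevel) {
			// … unchanged: warning log and 403 abort …
```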
@@ -29,7 +29,6 @@ func HandlingGRPC(err error) error { | |
} | ||
|
||
e = handling(e.Err).(*Error) | ||
|
||
return buildGRPCStatus(e) | ||
} | ||
|
||
|
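--- /dev/null
+++ b/<path not shown on page: package tokens file>
@@ -0,0 +1,37 @@
+// Copyright (c) 2022 Isaque Veras
+// Use of this source code is governed by MIT
+// license that can be found in the LICENSE file.
+
+package tokens
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+// NewToken generates and returns new HS256 signed JWT token.
+func NewToken(payload jwt.MapClaims, key string, duration int64) (string, error) {
+	var (
+		seconds = time.Duration(duration) * time.Second
+		claims = jwt.MapClaims{"exp": time.Now().Add(seconds).Unix()}
+	)
+
+	for key, value := range payload {
+		claims[key] = value
+	}
+
+	return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte(key))
+}
+
+// ParseJWT verifies and parses JWT token and returns its claims.
+func ParseJWT(token string, keys []string) jwt.MapClaims {
+	parser := jwt.NewParser(jwt.WithValidMethods([]string{"HS256"}))
+	for _, key := range keys {
+		parsed, _ := parser.Parse(token, func(t *jwt.Token) (interface{}, error) { return []byte(key), nil })
+		if claims, ok := parsed.Claims.(jwt.MapClaims); ok && parsed.Valid {
+			return claims
+		}
+	}
+	return nil
+}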
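Review bot: ParseJWT discards the error from parser.Parse and then reads `parsed.Claims` unconditionally; as far as I recall, jwt/v4 returns a nil *Token together with the error when the input does not split into three segments (the ParseUnverified path), so a malformed Authorization header would panic here instead of yielding nil — worth confirming against the vendored version. Change the loop body to `parsed, err := parser.Parse(token, func(t *jwt.Token) (interface{}, error) { return []byte(key), nil })` followed by `if err != nil || parsed == nil { continue }` before the claims assertion. Restricting valid methods to HS256 is the right call and should stay. In NewToken the range variable `key` shadows the signing-key parameter inside the loop, and a caller-supplied `"exp"` claim silently replaces the computed expiry; renaming the loop variable to `name` and either rejecting or documenting that override would make both explicit.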