Init

2026-03-23 18:55:27 +07:00
parent 6dc0322fe5
commit 3626c12319
47 changed files with 2741 additions and 0 deletions
--- a/internal/middlewares/jwtMiddleware.go
+++ b/internal/middlewares/jwtMiddleware.go
@@ -0,0 +1,87 @@
+package middlewares
+
+import (
+	"history-api/pkg/config"
+	"history-api/pkg/constant"
+	"history-api/pkg/dtos/response"
+	"slices"
+
+	jwtware "github.com/gofiber/contrib/v3/jwt"
+	"github.com/gofiber/fiber/v3"
+	"github.com/gofiber/fiber/v3/extractors"
+)
+
+func JwtAccess() fiber.Handler {
+	jwtSecret, err := config.GetConfig("JWT_SECRET")
+	if err != nil {
+		return nil
+	}
+
+	return jwtware.New(jwtware.Config{
+		SigningKey:     jwtware.SigningKey{Key: []byte(jwtSecret)},
+		ErrorHandler:   jwtError,
+		SuccessHandler: jwtSuccess,
+		Extractor:      extractors.FromAuthHeader("Bearer"),
+		Claims:         &response.JWTClaims{},
+	})
+}
+
+func JwtRefresh() fiber.Handler {
+	jwtRefreshSecret, err := config.GetConfig("JWT_REFRESH_SECRET")
+	if err != nil {
+		return nil
+	}
+
+	return jwtware.New(jwtware.Config{
+		SigningKey:     jwtware.SigningKey{Key: []byte(jwtRefreshSecret)},
+		ErrorHandler:   jwtError,
+		SuccessHandler: jwtSuccess,
+		Extractor:      extractors.FromAuthHeader("Bearer"),
+		Claims:         &response.JWTClaims{},
+	})
+}
+
+func jwtSuccess(c fiber.Ctx) error {
+	user := jwtware.FromContext(c)
+	unauthorized := func() error {
+		return c.Status(fiber.StatusUnauthorized).JSON(response.CommonResponse{
+			Status:  false,
+			Message: "Invalid or missing token",
+		})
+	}
+
+	if user == nil {
+		return unauthorized()
+	}
+
+	claims, ok := user.Claims.(*response.JWTClaims)
+	if !ok {
+		return unauthorized()
+	}
+
+	if slices.Contains(claims.Roles, constant.BANNED) {
+		return c.Status(fiber.StatusForbidden).JSON(response.CommonResponse{
+			Status:  false,
+			Message: "User account is banned",
+		})
+	}
+
+	c.Locals("uid", claims.UId)
+	c.Locals("user_claims", claims)
+
+	return c.Next()
+}
+func jwtError(c fiber.Ctx, err error) error {
+	if err.Error() == "Missing or malformed JWT" {
+		return c.Status(fiber.StatusBadRequest).
+			JSON(response.CommonResponse{
+				Status:  false,
+				Message: "Missing or malformed JWT",
+			})
+	}
+	return c.Status(fiber.StatusUnauthorized).
+		JSON(response.CommonResponse{
+			Status:  false,
+			Message: "Invalid or expired JWT",
+		})
+}
--- a/internal/middlewares/roleMiddleware.go
+++ b/internal/middlewares/roleMiddleware.go
@@ -0,0 +1,62 @@
+package middlewares
+
+import (
+	"history-api/pkg/constant"
+	"history-api/pkg/dtos/response"
+	"slices"
+
+	"github.com/gofiber/fiber/v3"
+)
+
+func getRoles(c fiber.Ctx) ([]constant.Role, error) {
+	claimsVal := c.Locals("user_claims")
+	if claimsVal == nil {
+		return nil, fiber.ErrUnauthorized
+	}
+
+	claims, ok := claimsVal.(*response.JWTClaims)
+	if !ok {
+		return nil, fiber.ErrUnauthorized
+	}
+
+	return claims.Roles, nil
+}
+
+func RequireAnyRole(required ...constant.Role) fiber.Handler {
+	return func(c fiber.Ctx) error {
+		userRoles, err := getRoles(c)
+		if err != nil {
+			return err
+		}
+
+		if len(userRoles) == 0 {
+			return fiber.ErrForbidden
+		}
+
+		for _, ur := range userRoles {
+			if slices.Contains(required, ur) {
+				return c.Next()
+			}
+		}
+
+		return fiber.ErrForbidden
+	}
+}
+
+func RequireAllRoles(required ...constant.Role) fiber.Handler {
+	return func(c fiber.Ctx) error {
+		userRoles, err := getRoles(c)
+		if err != nil {
+			return err
+		}
+
+		for _, rr := range required {
+			found := slices.Contains(userRoles, rr)
+			if !found {
+				return fiber.ErrForbidden
+			}
+		}
+
+		return c.Next()
+	}
+}