UPDATE: Change auth logic

2026-04-09 09:32:34 +07:00
parent a7400f832e
commit 7559667ce2
20 changed files with 448 additions and 20 deletions
--- a/internal/middlewares/jwtMiddleware.go
+++ b/internal/middlewares/jwtMiddleware.go
@@ -31,7 +31,7 @@ func JwtAccess(userRepo repositories.UserRepository) fiber.Handler {
 	})
 }

-func JwtRefresh(userRepo repositories.UserRepository) fiber.Handler {
+func JwtRefresh() fiber.Handler {
 	jwtRefreshSecret, err := config.GetConfig("JWT_REFRESH_SECRET")
 	if err != nil {
 		return nil
@@ -40,7 +40,7 @@ func JwtRefresh(userRepo repositories.UserRepository) fiber.Handler {
 	return jwtware.New(jwtware.Config{
 		SigningKey:     jwtware.SigningKey{Key: []byte(jwtRefreshSecret)},
 		ErrorHandler:   jwtError,
-		SuccessHandler: jwtSuccess(userRepo),
+		SuccessHandler: jwtSuccessRefresh(),
 		Extractor: extractors.Chain(
 			extractors.FromAuthHeader("Bearer"),
 			extractors.FromCookie("refresh_token"),
@@ -100,6 +100,38 @@ func jwtSuccess(userRepo repositories.UserRepository) fiber.Handler {
 	}
 }

+func jwtSuccessRefresh() fiber.Handler {
+	return func(c fiber.Ctx) error {
+		unauthorized := func() error {
+			return c.Status(fiber.StatusUnauthorized).JSON(response.CommonResponse{
+				Status:  false,
+				Message: "Invalid or missing token",
+			})
+		}
+
+		jwtToken := jwtware.FromContext(c)
+		if jwtToken == nil {
+			return unauthorized()
+		}
+
+		claims, ok := jwtToken.Claims.(*response.JWTClaims)
+		if !ok {
+			return unauthorized()
+		}
+
+		if slices.Contains(claims.Roles, constants.BANNED) {
+			return c.Status(fiber.StatusForbidden).JSON(response.CommonResponse{
+				Status:  false,
+				Message: "User account is banned",
+			})
+		}
+
+		c.Locals("uid", claims.UId)
+		c.Locals("user_claims", claims)
+		return c.Next()
+	}
+}
+
 func jwtError(c fiber.Ctx, err error) error {
 	if err.Error() == "Missing or malformed JWT" {
 		return c.Status(fiber.StatusBadRequest).