UPDATE: Auth module, User module
Some checks failed
Build and Release / release (push) Failing after 1m25s
Some checks failed
Build and Release / release (push) Failing after 1m25s
This commit is contained in:
@@ -2,16 +2,18 @@ package middlewares
|
||||
|
||||
import (
|
||||
"history-api/internal/dtos/response"
|
||||
"history-api/internal/repositories"
|
||||
"history-api/pkg/config"
|
||||
"history-api/pkg/constant"
|
||||
"history-api/pkg/constants"
|
||||
"slices"
|
||||
|
||||
jwtware "github.com/gofiber/contrib/v3/jwt"
|
||||
"github.com/gofiber/fiber/v3"
|
||||
"github.com/gofiber/fiber/v3/extractors"
|
||||
"github.com/jackc/pgx/v5/pgtype"
|
||||
)
|
||||
|
||||
func JwtAccess() fiber.Handler {
|
||||
func JwtAccess(userRepo repositories.UserRepository) fiber.Handler {
|
||||
jwtSecret, err := config.GetConfig("JWT_SECRET")
|
||||
if err != nil {
|
||||
return nil
|
||||
@@ -20,13 +22,13 @@ func JwtAccess() fiber.Handler {
|
||||
return jwtware.New(jwtware.Config{
|
||||
SigningKey: jwtware.SigningKey{Key: []byte(jwtSecret)},
|
||||
ErrorHandler: jwtError,
|
||||
SuccessHandler: jwtSuccess,
|
||||
SuccessHandler: jwtSuccess(userRepo),
|
||||
Extractor: extractors.FromAuthHeader("Bearer"),
|
||||
Claims: &response.JWTClaims{},
|
||||
})
|
||||
}
|
||||
|
||||
func JwtRefresh() fiber.Handler {
|
||||
func JwtRefresh(userRepo repositories.UserRepository) fiber.Handler {
|
||||
jwtRefreshSecret, err := config.GetConfig("JWT_REFRESH_SECRET")
|
||||
if err != nil {
|
||||
return nil
|
||||
@@ -35,41 +37,61 @@ func JwtRefresh() fiber.Handler {
|
||||
return jwtware.New(jwtware.Config{
|
||||
SigningKey: jwtware.SigningKey{Key: []byte(jwtRefreshSecret)},
|
||||
ErrorHandler: jwtError,
|
||||
SuccessHandler: jwtSuccess,
|
||||
SuccessHandler: jwtSuccess(userRepo),
|
||||
Extractor: extractors.FromAuthHeader("Bearer"),
|
||||
Claims: &response.JWTClaims{},
|
||||
})
|
||||
}
|
||||
|
||||
func jwtSuccess(c fiber.Ctx) error {
|
||||
user := jwtware.FromContext(c)
|
||||
unauthorized := func() error {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(response.CommonResponse{
|
||||
Status: false,
|
||||
Message: "Invalid or missing token",
|
||||
})
|
||||
func jwtSuccess(userRepo repositories.UserRepository) fiber.Handler {
|
||||
return func(c fiber.Ctx) error {
|
||||
user := jwtware.FromContext(c)
|
||||
|
||||
unauthorized := func() error {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(response.CommonResponse{
|
||||
Status: false,
|
||||
Message: "Invalid or missing token",
|
||||
})
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return unauthorized()
|
||||
}
|
||||
|
||||
claims, ok := user.Claims.(*response.JWTClaims)
|
||||
if !ok {
|
||||
return unauthorized()
|
||||
}
|
||||
|
||||
if slices.Contains(claims.Roles, constants.BANNED) {
|
||||
return c.Status(fiber.StatusForbidden).JSON(response.CommonResponse{
|
||||
Status: false,
|
||||
Message: "User account is banned",
|
||||
})
|
||||
}
|
||||
|
||||
var pgID pgtype.UUID
|
||||
err := pgID.Scan(claims.UId)
|
||||
if err != nil {
|
||||
return unauthorized()
|
||||
}
|
||||
tokenVersion, err := userRepo.GetTokenVersion(c.Context(), pgID)
|
||||
if err != nil {
|
||||
return unauthorized()
|
||||
}
|
||||
|
||||
if tokenVersion != claims.TokenVersion {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(response.CommonResponse{
|
||||
Status: false,
|
||||
Message: "Token has been invalidated",
|
||||
})
|
||||
}
|
||||
|
||||
c.Locals("uid", claims.UId)
|
||||
c.Locals("user_claims", claims)
|
||||
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return unauthorized()
|
||||
}
|
||||
|
||||
claims, ok := user.Claims.(*response.JWTClaims)
|
||||
if !ok {
|
||||
return unauthorized()
|
||||
}
|
||||
|
||||
if slices.Contains(claims.Roles, constant.BANNED) {
|
||||
return c.Status(fiber.StatusForbidden).JSON(response.CommonResponse{
|
||||
Status: false,
|
||||
Message: "User account is banned",
|
||||
})
|
||||
}
|
||||
|
||||
c.Locals("uid", claims.UId)
|
||||
c.Locals("user_claims", claims)
|
||||
|
||||
return c.Next()
|
||||
}
|
||||
func jwtError(c fiber.Ctx, err error) error {
|
||||
if err.Error() == "Missing or malformed JWT" {
|
||||
|
||||
@@ -2,13 +2,13 @@ package middlewares
|
||||
|
||||
import (
|
||||
"history-api/internal/dtos/response"
|
||||
"history-api/pkg/constant"
|
||||
"history-api/pkg/constants"
|
||||
"slices"
|
||||
|
||||
"github.com/gofiber/fiber/v3"
|
||||
)
|
||||
|
||||
func getRoles(c fiber.Ctx) ([]constant.Role, error) {
|
||||
func getRoles(c fiber.Ctx) ([]constants.Role, error) {
|
||||
claimsVal := c.Locals("user_claims")
|
||||
if claimsVal == nil {
|
||||
return nil, fiber.ErrUnauthorized
|
||||
@@ -22,7 +22,7 @@ func getRoles(c fiber.Ctx) ([]constant.Role, error) {
|
||||
return claims.Roles, nil
|
||||
}
|
||||
|
||||
func RequireAnyRole(required ...constant.Role) fiber.Handler {
|
||||
func RequireAnyRole(required ...constants.Role) fiber.Handler {
|
||||
return func(c fiber.Ctx) error {
|
||||
userRoles, err := getRoles(c)
|
||||
if err != nil {
|
||||
@@ -43,7 +43,7 @@ func RequireAnyRole(required ...constant.Role) fiber.Handler {
|
||||
}
|
||||
}
|
||||
|
||||
func RequireAllRoles(required ...constant.Role) fiber.Handler {
|
||||
func RequireAllRoles(required ...constants.Role) fiber.Handler {
|
||||
return func(c fiber.Ctx) error {
|
||||
userRoles, err := getRoles(c)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user