mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-12 00:03:03 +03:00
60 lines
1.5 KiB
Go
60 lines
1.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/pocket-id/pocket-id/backend/internal/common"
|
|
"github.com/pocket-id/pocket-id/backend/internal/service"
|
|
"github.com/pocket-id/pocket-id/backend/internal/utils/cookie"
|
|
)
|
|
|
|
type JwtAuthMiddleware struct {
|
|
jwtService *service.JwtService
|
|
}
|
|
|
|
func NewJwtAuthMiddleware(jwtService *service.JwtService) *JwtAuthMiddleware {
|
|
return &JwtAuthMiddleware{jwtService: jwtService}
|
|
}
|
|
|
|
func (m *JwtAuthMiddleware) Add(adminRequired bool) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
|
|
userID, isAdmin, err := m.Verify(c, adminRequired)
|
|
if err != nil {
|
|
c.Abort()
|
|
c.Error(err)
|
|
return
|
|
}
|
|
|
|
c.Set("userID", userID)
|
|
c.Set("userIsAdmin", isAdmin)
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func (m *JwtAuthMiddleware) Verify(c *gin.Context, adminRequired bool) (userID string, isAdmin bool, err error) {
|
|
// Extract the token from the cookie
|
|
token, err := c.Cookie(cookie.AccessTokenCookieName)
|
|
if err != nil {
|
|
// Try to extract the token from the Authorization header if it's not in the cookie
|
|
authorizationHeaderSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
|
if len(authorizationHeaderSplit) != 2 {
|
|
return "", false, &common.NotSignedInError{}
|
|
}
|
|
token = authorizationHeaderSplit[1]
|
|
}
|
|
|
|
claims, err := m.jwtService.VerifyAccessToken(token)
|
|
if err != nil {
|
|
return "", false, &common.NotSignedInError{}
|
|
}
|
|
|
|
// Check if the user is an admin
|
|
if adminRequired && !claims.IsAdmin {
|
|
return "", false, &common.MissingPermissionError{}
|
|
}
|
|
|
|
return claims.Subject, claims.IsAdmin, nil
|
|
}
|