authentication.go 1.37 KiB
package middlewares
import (
"appSec/pkg/api/auth"
"fmt"
"github.com/gin-gonic/gin"
"net/http"
)
// UserPermissions maps a user name to the HTTP methods that user is allowed
// to call. It stays nil until InitUserPermissions has run; a lookup on the
// nil map finds no entry, so Authorization rejects every user until then.
var UserPermissions map[string][]string

// InitUserPermissions replaces UserPermissions with the fixed user-to-method
// table below. Each call builds a fresh map, so calling it again resets the
// table rather than appending to it.
//
// NOTE(review): no locking is visible in this file; presumably this runs once
// at startup before any request is served — confirm against the caller.
func InitUserPermissions() {
	UserPermissions = map[string][]string{
		"foo":       {"GET"},
		"aristote":  {"GET", "PUT", "DELETE", "POST"},
		"viewer":    {"GET"},
		"adder":     {"GET", "POST"},
		"destroyer": {"GET", "DELETE"},
	}
}
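// Authorization checks that user is allowed to call the HTTP method of the
// current request. On a match it runs the remaining handlers of the chain;
// otherwise it aborts the request with http.StatusForbidden.
//
// user is looked up in UserPermissions. An unknown user, or a known user
// whose list does not contain the request method, is rejected. Methods are
// compared as exact strings, so the entries in UserPermissions must use the
// same spelling as c.Request.Method.
func Authorization(c *gin.Context, user string) {
	// Only users present in the table can be authorized; everyone else falls
	// through to the 403 at the bottom.
	if permissions, ok := UserPermissions[user]; ok {
		method := c.Request.Method
		for _, allowed := range permissions {
			if allowed == method {
				c.Next()
				// Return once the chain has run. Without this the function
				// went on to call AbortWithStatus(403) after an authorized
				// handler had already executed, which could overwrite the
				// status of a response that had not been written yet.
				return
			}
		}
	}
	c.AbortWithStatus(http.StatusForbidden)
}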
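// BasicAuthorization applies the per-method check in Authorization to the
// user name stored in the context under gin.AuthUserKey.
//
// NOTE(review): presumably gin's Basic Auth middleware runs earlier in the
// chain and sets that key — confirm in the router setup. If the key is absent
// or does not hold a string, the request is rejected with 401 instead of
// panicking, as the previous MustGet plus unchecked type assertion did.
func BasicAuthorization(c *gin.Context) {
	value, found := c.Get(gin.AuthUserKey)
	user, isString := value.(string)
	if !found || !isString {
		// No authenticated user is attached to this request: fail closed.
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}
	Authorization(c, user)
}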
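// JWTAuthorization authenticates the request through auth.VerifyJWT and then
// applies the per-method check in Authorization to the token's "user" claim.
//
// The request is aborted with http.StatusUnauthorized when the token does not
// verify, or when the "user" claim is missing or is not a string. The 403 for
// an authenticated but unauthorized user comes from Authorization.
func JWTAuthorization(c *gin.Context) {
	jwt, ok := auth.VerifyJWT(c)
	if !ok {
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	// Checked assertion: a verified token without a string "user" claim used
	// to panic here; treat it as unauthenticated instead.
	user, ok := jwt.Claims["user"].(string)
	if !ok {
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	// NOTE(review): this prints the authenticated user name to stdout on
	// every request and looks like leftover debug output. It is kept because
	// it is the only use of the fmt import in this file; consider routing it
	// through the application's logger.
	fmt.Println(user)

	// Authorization either runs the rest of the chain or aborts with 403.
	// Nothing may follow it: the old code fell through to
	// AbortWithStatus(401) even after a successful, authorized request.
	Authorization(c, user)
}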