+ roles middleware

f2ea158e · Francesco De Martino · a819598c · f2ea158e
Commit f2ea158e authored 4 years ago by Francesco De Martino
--- a/authentication.go
+++ b/authentication.go
@@ -3,7 +3,7 @@
 	Use Redis as a cache in which store an oauth2 authentication for 1 hour
 	Insert in gin.Context user_id (*DataReceive)
 	Insert in gin.Context user_roles ([]string)
- */
+*/

 package oauth2_authenticator

@@ -15,9 +15,11 @@ import (
 	"net/http"
 )

+const ExpirationTimeRedis = 3600000000000
+
 /*
 	Json of api/user
- */
+*/
 type DataReceive struct {
 	User struct {
 		Active                    bool   `json:"active"`
@@ -50,7 +52,7 @@ type DataReceive struct {

 /*
 	Gin-Gonic middleware to import for oauth2 authentication
- */
+*/
 func Authentication(c *gin.Context) {
 	userInfo := redisClient.Get(ctx, createKey(c.GetHeader("Authorization")))

@@ -61,11 +63,45 @@ func Authentication(c *gin.Context) {
 	}
 }

+/*
+	Gin-Gonic middleware to import for check roles of an user
+	it MUST be used after Authentication
+*/
+func Rule(roles []string) func(c *gin.Context) {
+	return func(c *gin.Context) {
+		var rolesUser []string
+		canContinue := true
+		rolesUser, _ = c.GetQueryArray("user_roles")
+		for _, role := range roles {
+			if !isInArray(role, rolesUser) {
+				c.AbortWithStatusJSON(http.StatusForbidden, gin.H{})
+				canContinue = false
+				break
+			}
+		}
+		if canContinue {
+			c.Next()
+		}
+	}
+}
+
+/*
+	Simple function to check if a value is in an array
+*/
+func isInArray(value string, arrayValues []string) bool {
+	for _, arrayValue := range arrayValues {
+		if value == arrayValue {
+			return true
+		}
+	}
+	return false
+}
+
 /*
 	If the Redis key doesn't exist, it creates and use it
- */
+*/
 func keyRedisNotExist(c *gin.Context) {
-	request, _ := http.NewRequest("GET", endPointOauthAuth + "/api/user", nil)
+	request, _ := http.NewRequest("GET", endPointOauthAuth+"/api/user", nil)
 	request.Header.Add("Authorization", c.GetHeader("Authorization"))
 	response, err := clientHttp.Do(request)

@@ -82,7 +118,7 @@ func keyRedisNotExist(c *gin.Context) {
 			if roles == nil {
 				c.AbortWithStatusJSON(http.StatusForbidden, gin.H{})
 			} else {
-				redisClient.Set(ctx, createKey(c.GetHeader("Authorization")), string(body), 3600000000000)
+				redisClient.Set(ctx, createKey(c.GetHeader("Authorization")), string(body), ExpirationTimeRedis)
 				c.Set("user_id", &send)
 				c.Set("user_roles", roles)
 				c.Next()
@@ -93,7 +129,7 @@ func keyRedisNotExist(c *gin.Context) {

 /*
 	It uses the data in the Redis key
- */
+*/
 func keyRedisExists(c *gin.Context, userInfo *redis.StringCmd) {
 	var send DataReceive
 	text := userInfo.Val()
@@ -109,7 +145,7 @@ func keyRedisExists(c *gin.Context, userInfo *redis.StringCmd) {

 /*
 	Check if the application ID of the user is equal to the application ID of the project
- */
+*/
 func checkApplicationIDAndGetRules(data *DataReceive) []string {
 	for _, registration := range data.User.Registrations {
 		if registration.ApplicationID == applicationIdAuth {
@@ -121,7 +157,7 @@ func checkApplicationIDAndGetRules(data *DataReceive) []string {

 /*
 	Create the key for Redis
- */
+*/
 func createKey(authentication string) string {
 	return "oauth2-authenticator." + authentication
 }