Commit f2ea158e authored by Francesco De Martino's avatar Francesco De Martino

+ roles middleware

parent a819598c
......@@ -3,7 +3,7 @@
Use Redis as a cache in which store an oauth2 authentication for 1 hour
Insert in gin.Context user_id (*DataReceive)
Insert in gin.Context user_roles ([]string)
*/
*/
package oauth2_authenticator
......@@ -15,9 +15,11 @@ import (
"net/http"
)
const ExpirationTimeRedis = 3600000000000
/*
Json of api/user
*/
*/
type DataReceive struct {
User struct {
Active bool `json:"active"`
......@@ -50,7 +52,7 @@ type DataReceive struct {
/*
Gin-Gonic middleware to import for oauth2 authentication
*/
*/
func Authentication(c *gin.Context) {
userInfo := redisClient.Get(ctx, createKey(c.GetHeader("Authorization")))
......@@ -61,11 +63,45 @@ func Authentication(c *gin.Context) {
}
}
/*
Gin-Gonic middleware to import for check roles of an user
it MUST be used after Authentication
*/
func Rule(roles []string) func(c *gin.Context) {
return func(c *gin.Context) {
var rolesUser []string
canContinue := true
rolesUser, _ = c.GetQueryArray("user_roles")
for _, role := range roles {
if !isInArray(role, rolesUser) {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{})
canContinue = false
break
}
}
if canContinue {
c.Next()
}
}
}
/*
Simple function to check if a value is in an array
*/
func isInArray(value string, arrayValues []string) bool {
for _, arrayValue := range arrayValues {
if value == arrayValue {
return true
}
}
return false
}
/*
If the Redis key doesn't exist, it creates and use it
*/
*/
func keyRedisNotExist(c *gin.Context) {
request, _ := http.NewRequest("GET", endPointOauthAuth + "/api/user", nil)
request, _ := http.NewRequest("GET", endPointOauthAuth+"/api/user", nil)
request.Header.Add("Authorization", c.GetHeader("Authorization"))
response, err := clientHttp.Do(request)
......@@ -82,7 +118,7 @@ func keyRedisNotExist(c *gin.Context) {
if roles == nil {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{})
} else {
redisClient.Set(ctx, createKey(c.GetHeader("Authorization")), string(body), 3600000000000)
redisClient.Set(ctx, createKey(c.GetHeader("Authorization")), string(body), ExpirationTimeRedis)
c.Set("user_id", &send)
c.Set("user_roles", roles)
c.Next()
......@@ -93,7 +129,7 @@ func keyRedisNotExist(c *gin.Context) {
/*
It uses the data in the Redis key
*/
*/
func keyRedisExists(c *gin.Context, userInfo *redis.StringCmd) {
var send DataReceive
text := userInfo.Val()
......@@ -109,7 +145,7 @@ func keyRedisExists(c *gin.Context, userInfo *redis.StringCmd) {
/*
Check if the application ID of the user is equal to the application ID of the project
*/
*/
func checkApplicationIDAndGetRules(data *DataReceive) []string {
for _, registration := range data.User.Registrations {
if registration.ApplicationID == applicationIdAuth {
......@@ -121,7 +157,7 @@ func checkApplicationIDAndGetRules(data *DataReceive) []string {
/*
Create the key for Redis
*/
*/
func createKey(authentication string) string {
return "oauth2-authenticator." + authentication
}
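Review bot: `Rule` decides authorization from the request query string, `rolesUser, _ = c.GetQueryArray("user_roles")`, instead of from the value the authentication step stores in the context with `c.Set("user_roles", roles)` further down in keyRedisNotExist, so the role check is driven by client-controlled input and any request can satisfy it regardless of the authenticated user's actual roles. The file comment documents the context key as the contract, so the middleware should read `v, ok := c.Get("user_roles")` followed by `rolesUser, _ := v.([]string)` and reply `c.AbortWithStatusJSON(http.StatusForbidden, gin.H{})` and return when `!ok`, which also covers `Rule` being mounted without `Authentication` in front of it. With the lookup corrected the `canContinue` flag is unnecessary: return right after the abort and call `c.Next()` at the end of the closure. keyRedisExists is cut by its hunk, so I cannot confirm the cached path sets the same `user_roles` key; that is worth checking alongside this fix.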