add/rm tokens, register with token

2025-04-15 00:12:34 +02:00
parent 6d63e53200
commit 3955d8626a
7 changed files with 222 additions and 15 deletions
--- a/middlewares/requireAuth.go
+++ b/middlewares/requireAuth.go
@@ -1,13 +1,13 @@
 package middlewares

-import(
-	"os"
+import (
 	"fmt"
+	"os"
 	"time"
 	//"strconv"
-	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v5"
+	"net/http"

 	//"git.dynamicdiscord.de/kalipso/zineshop/models"
 	"git.dynamicdiscord.de/kalipso/zineshop/repositories"
@@ -70,7 +70,7 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
 	}
-	
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok {
 		//Check Expiration
 		if float64(time.Now().Unix()) > claims["exp"].(float64) {
@@ -78,7 +78,7 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 			return
 		}
-		
+
 		//Find user
 		user, err := repositories.Users.GetById(claims["sub"])

@@ -86,15 +86,72 @@ func (av *AuthValidator) RequireAuth(c *gin.Context) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 			return
 		}
-	
+
 		//Attach to req
 		c.Set("user", user)
-	
+
 		// Coninue
 		c.Next()
 		return
 	}
-	
+
+	c.AbortWithStatus(http.StatusUnauthorized)
+}
+
+func (av *AuthValidator) RequireAdmin(c *gin.Context) {
+	// Get Cookie
+	tokenString, err := c.Cookie("Authorization")
+
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	//Validate
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		// Don't forget to validate the alg is what you expect:
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+		}
+
+		// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
+		return []byte(os.Getenv("SECRET")), nil
+	})
+
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	if claims, ok := token.Claims.(jwt.MapClaims); ok {
+		//Check Expiration
+		if float64(time.Now().Unix()) > claims["exp"].(float64) {
+			//expired
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		//Find user
+		user, err := repositories.Users.GetById(claims["sub"])
+
+		if err != nil {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		if !user.IsAdmin {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		//Attach to req
+		c.Set("user", user)
+
+		// Coninue
+		c.Next()
+		return
+	}
+
 	c.AbortWithStatus(http.StatusUnauthorized)
 }

@@ -119,19 +176,19 @@ func (av *AuthValidator) OptionalAuth(c *gin.Context) {
 	if err != nil {
 		return
 	}
-	
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok {
 		if float64(time.Now().Unix()) > claims["exp"].(float64) {
 			return
 		}
-		
+
 		//Find user
 		user, err := repositories.Users.GetById(claims["sub"])

 		if err != nil {
 			return
 		}
-	
+
 		//Attach to req
 		c.Set("user", user)
 	}