auth MW refactor
This commit is contained in:
nquidox
parent
a7530a6324
commit
0903bc55eb
7 changed files with 15 additions and 148 deletions
|
|
@ -65,23 +65,5 @@ func (r *router) Set() *gin.Engine {
|
|||
//swagger
|
||||
r.engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
|
||||
|
||||
r.engine.Use(authMiddleware(mwDeps{
|
||||
prefix: r.apiPrefix,
|
||||
excludeRoutes: &r.excludeRoutes,
|
||||
tokenProv: r.tokenProv,
|
||||
}))
|
||||
|
||||
return r.engine
|
||||
}
|
||||
|
||||
func (r *router) ExcludeRoutes(routes []shared.ExcludeRoute) {
|
||||
log.Debug("Excluded routes:")
|
||||
excludedRoutes := make(map[string]shared.ExcludeRoute, len(routes))
|
||||
|
||||
for _, route := range routes {
|
||||
log.Debugf("%s %s", route.Method, route.Route)
|
||||
ex := joinPaths(r.apiPrefix, route.Route)
|
||||
excludedRoutes[ex] = shared.ExcludeRoute{Route: ex, Method: route.Method}
|
||||
}
|
||||
r.excludeRoutes = excludedRoutes
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,64 +0,0 @@
|
|||
package router
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"merch-parser-api/internal/shared"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func excluded(prefix, path, method string, excludedRoutes *map[string]shared.ExcludeRoute) bool {
|
||||
if excludedRoutes == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
nPath := normalizePath(path)
|
||||
|
||||
switch {
|
||||
case nPath == "/"+prefix && method == http.MethodGet: //ignore api base path for GET method
|
||||
return true
|
||||
case nPath == "/swagger/*any":
|
||||
return true
|
||||
case nPath == "/version":
|
||||
return true
|
||||
}
|
||||
|
||||
if value, ok := (*excludedRoutes)[nPath]; ok {
|
||||
fmt.Println(value, ok)
|
||||
if isSameRoute(nPath, value.Route) && value.Method == method {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func normalizePath(path string) string {
|
||||
return strings.TrimRight(path, "/")
|
||||
}
|
||||
|
||||
func joinPaths(paths ...string) string {
|
||||
result := ""
|
||||
for _, p := range paths {
|
||||
if result == "" {
|
||||
result = strings.TrimRight(p, "/")
|
||||
} else {
|
||||
result = result + "/" + strings.Trim(p, "/")
|
||||
}
|
||||
}
|
||||
return "/" + strings.TrimLeft(result, "/")
|
||||
}
|
||||
|
||||
func isSameRoute(path, excluded string) bool {
|
||||
path = strings.Split(path, "?")[0]
|
||||
path = strings.TrimSuffix(path, "/")
|
||||
excluded = strings.TrimSuffix(excluded, "/")
|
||||
|
||||
if strings.HasSuffix(excluded, "/*any") || strings.HasSuffix(excluded, "/*") {
|
||||
base := strings.TrimSuffix(excluded, "/*any")
|
||||
base = strings.TrimSuffix(base, "/*")
|
||||
return strings.HasPrefix(path, base)
|
||||
}
|
||||
|
||||
return path == excluded
|
||||
}
|
||||
|
|
@ -3,42 +3,12 @@ package router
|
|||
import (
|
||||
"github.com/gin-gonic/gin"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"merch-parser-api/internal/interfaces"
|
||||
"merch-parser-api/internal/shared"
|
||||
"merch-parser-api/pkg/responses"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type mwDeps struct {
|
||||
prefix string
|
||||
excludeRoutes *map[string]shared.ExcludeRoute
|
||||
tokenProv interfaces.JWTProvider
|
||||
}
|
||||
|
||||
func authMiddleware(deps mwDeps) gin.HandlerFunc {
|
||||
func (r *router) AuthMW() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
if excluded(deps.prefix, c.FullPath(), c.Request.Method, deps.excludeRoutes) {
|
||||
log.WithField("msg", "route excluded from auth check").Info("MW | Authorization")
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
if (c.FullPath() == "/user/auth/refresh" || c.FullPath() == "/user/auth/logout") && c.Request.Method == "POST" {
|
||||
refreshUuid, err := c.Cookie("refresh_uuid")
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: "Refresh token is required"})
|
||||
log.WithField("msg", "Refresh token is required").Error("MW | Authorization")
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
c.Set("refreshUuid", refreshUuid)
|
||||
|
||||
log.WithField("msg", "refresh token set to context").Debug("MW | Authorization")
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
token := c.GetHeader("Authorization")
|
||||
if token == "" {
|
||||
c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: "Authorization token is required"})
|
||||
|
|
@ -47,7 +17,7 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc {
|
|||
return
|
||||
}
|
||||
|
||||
userUuid, err := deps.tokenProv.Parse(token)
|
||||
userUuid, err := r.tokenProv.Parse(token)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: err.Error()})
|
||||
log.WithField("msg", "error parsing jwt").Error("MW | Authorization")
|
||||
|
|
@ -56,14 +26,8 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc {
|
|||
}
|
||||
|
||||
c.Set("userUuid", userUuid)
|
||||
log.WithField("userUuid", userUuid).Debug("MW | User uuid")
|
||||
|
||||
log.WithFields(log.Fields{
|
||||
"userUuid": userUuid,
|
||||
}).Debug("MW | Parsed uuids")
|
||||
|
||||
if !c.IsAborted() {
|
||||
log.WithField("msg", "context aborted").Info("MW | Authorization")
|
||||
c.Next()
|
||||
}
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue