cslms-api/internal/middleware/auth.go

package middleware

import (
	"errors"
	"fmt"
	"net/http"
	"strings"

	config "learnsteam/cslms-api/configs"
	"learnsteam/cslms-api/internal/database"
	"learnsteam/cslms-api/internal/models"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
)

func Auth(permission string) gin.HandlerFunc {
	return func(c *gin.Context) {
		sub, err := UserID(c.Request)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		role, err := Role(c.Request)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		if permission != "member" && *role != permission {
			fmt.Println("permission", permission, "role", *role)
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		valid := Valid(c.Request)
		if !valid {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "token is not valid"})
			c.Abort()
			return
		}

		c.Set("token", Extract(c.Request))
		c.Set("sub", sub)
		c.Set("role", role)
		c.Next()
	}
}

func Permission(permission *string) gin.HandlerFunc {
	return func(c *gin.Context) {
		sub, err := UserID(c.Request)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		role, err := Role(c.Request)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		if role != permission {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		valid := Valid(c.Request)
		if !valid {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "token is not valid"})
			c.Abort()
			return
		}

		c.Set("token", Extract(c.Request))
		c.Set("sub", sub)
		c.Set("role", role)
		c.Next()
	}
}

func Extract(r *http.Request) string {
	authorization := r.Header.Get("Authorization")
	strArr := strings.Split(authorization, " ")
	if len(strArr) == 2 {
		return strArr[1]
	}
	return ""
}

func Verify(r *http.Request) (*jwt.Token, error) {
	tokenString := Extract(r)
	jwtToken, err := jwt.Parse(tokenString, func(jwtToken *jwt.Token) (interface{}, error) {
		if _, ok := jwtToken.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", jwtToken.Header["alg"])
		}
		return []byte(config.SECRET_KEY), nil
	})

	return jwtToken, err
}

func UserID(r *http.Request) (int64, error) {
	jwtToken, err := Verify(r)
	if err != nil {
		fmt.Println(err)
		return -1, err
	}

	claims, ok := jwtToken.Claims.(jwt.MapClaims)
	if !ok || !jwtToken.Valid {
		return -1, errors.New("refresh token is invalid")
	}

	sub := claims["sub"].(float64)
	user_id := int64(sub)
	if err != nil {
		return -1, err
	}
	fmt.Println(user_id)

	return user_id, nil
}

func Role(r *http.Request) (*string, error) {
	jwtToken, err := Verify(r)
	if err != nil {
		return nil, err
	}

	claims, ok := jwtToken.Claims.(jwt.MapClaims)
	if !ok || !jwtToken.Valid {
		return nil, errors.New("refresh token is invalid")
	}

	role := claims["role"].(string)

	return &role, nil
}

func Valid(r *http.Request) bool {
	tokenString := Extract(r)
	var token models.Token
	fmt.Println(tokenString)
	err := database.DB.Where("token = ? AND status = ?", tokenString, "on").First(&token).Error
	fmt.Println(&token)
	return err == nil
}
first commit 2023-12-27 17:31:49 +09:00			`package middleware`

			`import (`
			`"errors"`
			`"fmt"`
			`"net/http"`
			`"strings"`

			`config "learnsteam/cslms-api/configs"`
Logout 2023-12-29 00:27:12 +09:00			`"learnsteam/cslms-api/internal/database"`
			`"learnsteam/cslms-api/internal/models"`
first commit 2023-12-27 17:31:49 +09:00
			`"github.com/gin-gonic/gin"`
			`"github.com/golang-jwt/jwt/v5"`
			`)`

			`func Auth(permission string) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`sub, err := UserID(c.Request)`
			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

			`role, err := Role(c.Request)`
			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

			`if permission != "member" && *role != permission {`
			`fmt.Println("permission", permission, "role", *role)`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

Logout 2023-12-29 00:27:12 +09:00			`valid := Valid(c.Request)`
			`if !valid {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "token is not valid"})`
			`c.Abort()`
			`return`
			`}`
first commit 2023-12-27 17:31:49 +09:00
Logout 2023-12-29 00:27:12 +09:00			`c.Set("token", Extract(c.Request))`
first commit 2023-12-27 17:31:49 +09:00			`c.Set("sub", sub)`
			`c.Set("role", role)`
			`c.Next()`
			`}`
			`}`

			`func Permission(permission *string) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`sub, err := UserID(c.Request)`
			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

			`role, err := Role(c.Request)`
			`if err != nil {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

			`if role != permission {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})`
			`c.Abort()`
			`return`
			`}`

Logout 2023-12-29 00:27:12 +09:00			`valid := Valid(c.Request)`
			`if !valid {`
			`c.JSON(http.StatusUnauthorized, gin.H{"error": "token is not valid"})`
			`c.Abort()`
			`return`
			`}`
first commit 2023-12-27 17:31:49 +09:00
Logout 2023-12-29 00:27:12 +09:00			`c.Set("token", Extract(c.Request))`
first commit 2023-12-27 17:31:49 +09:00			`c.Set("sub", sub)`
			`c.Set("role", role)`
			`c.Next()`
			`}`
			`}`

Logout 2023-12-29 00:27:12 +09:00			`func Extract(r *http.Request) string {`
first commit 2023-12-27 17:31:49 +09:00			`authorization := r.Header.Get("Authorization")`
			`strArr := strings.Split(authorization, " ")`
			`if len(strArr) == 2 {`
			`return strArr[1]`
			`}`
			`return ""`
			`}`

Logout 2023-12-29 00:27:12 +09:00			`func Verify(r http.Request) (jwt.Token, error) {`
			`tokenString := Extract(r)`
first commit 2023-12-27 17:31:49 +09:00			`jwtToken, err := jwt.Parse(tokenString, func(jwtToken *jwt.Token) (interface{}, error) {`
			`if _, ok := jwtToken.Method.(*jwt.SigningMethodHMAC); !ok {`
			`return nil, fmt.Errorf("unexpected signing method: %v", jwtToken.Header["alg"])`
			`}`
			`return []byte(config.SECRET_KEY), nil`
			`})`

			`return jwtToken, err`
			`}`

			`func UserID(r *http.Request) (int64, error) {`
Logout 2023-12-29 00:27:12 +09:00			`jwtToken, err := Verify(r)`
first commit 2023-12-27 17:31:49 +09:00			`if err != nil {`
Logout 2023-12-29 00:27:12 +09:00			`fmt.Println(err)`
first commit 2023-12-27 17:31:49 +09:00			`return -1, err`
			`}`

			`claims, ok := jwtToken.Claims.(jwt.MapClaims)`
			`if !ok \|\| !jwtToken.Valid {`
			`return -1, errors.New("refresh token is invalid")`
			`}`

			`sub := claims["sub"].(float64)`
			`user_id := int64(sub)`
			`if err != nil {`
			`return -1, err`
			`}`
			`fmt.Println(user_id)`

			`return user_id, nil`
			`}`

			`func Role(r http.Request) (string, error) {`
Logout 2023-12-29 00:27:12 +09:00			`jwtToken, err := Verify(r)`
first commit 2023-12-27 17:31:49 +09:00			`if err != nil {`
			`return nil, err`
			`}`

			`claims, ok := jwtToken.Claims.(jwt.MapClaims)`
			`if !ok \|\| !jwtToken.Valid {`
			`return nil, errors.New("refresh token is invalid")`
			`}`

			`role := claims["role"].(string)`

			`return &role, nil`
			`}`
Logout 2023-12-29 00:27:12 +09:00
			`func Valid(r *http.Request) bool {`
			`tokenString := Extract(r)`
			`var token models.Token`
			`fmt.Println(tokenString)`
			`err := database.DB.Where("token = ? AND status = ?", tokenString, "on").First(&token).Error`
			`fmt.Println(&token)`
			`return err == nil`
			`}`