47 lines
911 B
Go
47 lines
911 B
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"git.acooldomain.co/server-manager/backend/models"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
const AuthorizedParam string = "authorized"
|
|
|
|
func AuthorizedTo(requiredPermissions models.Permission) gin.HandlerFunc {
|
|
return func(ctx *gin.Context) {
|
|
claimsPointer, exists := ctx.Get("claims")
|
|
if !exists {
|
|
ctx.AbortWithError(500, fmt.Errorf("Did not call LoggedIn first"))
|
|
return
|
|
}
|
|
|
|
claims, ok := claimsPointer.(*AuthClaims)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
if (requiredPermissions&claims.Permissions != requiredPermissions) && (models.Admin&claims.Permissions != models.Admin) {
|
|
return
|
|
}
|
|
|
|
ctx.Set(AuthorizedParam, true)
|
|
}
|
|
}
|
|
|
|
func AuthorizationEnforcer() gin.HandlerFunc {
|
|
return func(ctx *gin.Context) {
|
|
authorized, exists := ctx.Get(AuthorizedParam)
|
|
if !exists {
|
|
ctx.AbortWithStatus(403)
|
|
return
|
|
}
|
|
|
|
if !authorized.(bool) {
|
|
ctx.AbortWithStatus(403)
|
|
}
|
|
|
|
}
|
|
}
|