Opt: auto admin,root middlewares reuse AuthUserMiddleware

pull/83/head
zijiren233 1 year ago
parent a329961a19
commit 4cfc90277e

@ -12,6 +12,7 @@ import (
"github.com/synctv-org/synctv/internal/conf"
"github.com/synctv-org/synctv/internal/op"
"github.com/synctv-org/synctv/server/model"
"github.com/zijiren233/gencontainer/synccache"
"github.com/zijiren233/stream"
)
@ -180,18 +181,17 @@ func NewAuthRoomToken(user *op.User, room *op.Room) (string, error) {
return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(stream.StringToBytes(conf.Conf.Jwt.Secret))
}
func AuthRoomMiddleware(ctx *gin.Context) {
func AuthUserMiddleware(ctx *gin.Context) {
token, err := GetAuthorizationTokenFromContext(ctx)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
userE, roomE, err := AuthRoom(token)
userE, err := AuthUser(token)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
user := userE.Value()
if user.IsBanned() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("user banned"))
@ -202,41 +202,28 @@ func AuthRoomMiddleware(ctx *gin.Context) {
return
}
room := roomE.Value()
if room.IsBanned() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("room banned"))
return
}
if room.IsPending() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("room is pending, need admin to approve"))
return
}
ctx.Set("user", userE)
ctx.Set("room", roomE)
log := ctx.MustGet("log").(*logrus.Entry)
if log.Data == nil {
log.Data = make(logrus.Fields, 5)
log.Data = make(logrus.Fields, 3)
}
log.Data["rid"] = room.ID
log.Data["rnm"] = room.Name
log.Data["uid"] = user.ID
log.Data["unm"] = user.Username
log.Data["uro"] = user.Role.String()
ctx.Next()
}
func AuthUserMiddleware(ctx *gin.Context) {
func AuthRoomMiddleware(ctx *gin.Context) {
token, err := GetAuthorizationTokenFromContext(ctx)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
userE, err := AuthUser(token)
userE, roomE, err := AuthRoom(token)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
user := userE.Value()
if user.IsBanned() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("user banned"))
@ -247,71 +234,53 @@ func AuthUserMiddleware(ctx *gin.Context) {
return
}
room := roomE.Value()
if room.IsBanned() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("room banned"))
return
}
if room.IsPending() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("room is pending, need admin to approve"))
return
}
ctx.Set("user", userE)
ctx.Set("room", roomE)
log := ctx.MustGet("log").(*logrus.Entry)
if log.Data == nil {
log.Data = make(logrus.Fields, 3)
log.Data = make(logrus.Fields, 5)
}
log.Data["rid"] = room.ID
log.Data["rnm"] = room.Name
log.Data["uid"] = user.ID
log.Data["unm"] = user.Username
log.Data["uro"] = user.Role.String()
ctx.Next()
}
func AuthAdminMiddleware(ctx *gin.Context) {
token, err := GetAuthorizationTokenFromContext(ctx)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
userE, err := AuthUser(token)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
AuthUserMiddleware(ctx)
if ctx.IsAborted() {
return
}
user := userE.Value()
if !user.IsAdmin() {
userE := ctx.MustGet("user").(*synccache.Entry[*op.User])
if !userE.Value().IsAdmin() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("user is not admin"))
return
}
ctx.Set("user", userE)
log := ctx.MustGet("log").(*logrus.Entry)
if log.Data == nil {
log.Data = make(logrus.Fields, 3)
}
log.Data["uid"] = user.ID
log.Data["unm"] = user.Username
log.Data["uro"] = user.Role.String()
ctx.Next()
}
func AuthRootMiddleware(ctx *gin.Context) {
token, err := GetAuthorizationTokenFromContext(ctx)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
return
}
userE, err := AuthUser(token)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
AuthUserMiddleware(ctx)
if ctx.IsAborted() {
return
}
user := userE.Value()
if !user.IsRoot() {
userE := ctx.MustGet("user").(*synccache.Entry[*op.User])
if !userE.Value().IsRoot() {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("user is not root"))
return
}
ctx.Set("user", userE)
log := ctx.MustGet("log").(*logrus.Entry)
if log.Data == nil {
log.Data = make(logrus.Fields, 3)
}
log.Data["uid"] = user.ID
log.Data["unm"] = user.Username
log.Data["uro"] = user.Role.String()
ctx.Next()
}
func GetAuthorizationTokenFromContext(ctx *gin.Context) (string, error) {
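Review bot: In `AuthAdminMiddleware` and `AuthRootMiddleware` the role check now runs only after `AuthUserMiddleware(ctx)` returns, and that function's tail shows `ctx.Next()`; the rendered page has lost its +/- markers, so it is not certain that the call is still on the new side. If it is, gin runs the rest of the route's handler chain inside the nested call, so the admin or root handler executes for any authenticated, non-banned user before `IsAdmin()`/`IsRoot()` is evaluated, and the later `AbortWithStatusJSON` can only attempt a 403 on a response that has already been produced. Drop the trailing `ctx.Next()` from `AuthUserMiddleware` (gin continues the chain on its own when a middleware returns without aborting), or move the token and ban checks into a helper that never calls `Next()` and call it from all three middlewares. A test that sends a non-admin token to an admin route and asserts the handler was never invoked would pin this down. Part of `AuthUserMiddleware` lies between the hunks and is not visible here.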
