all repos

onasty @ 2cd7240e79ef685c68bf8ad11ef49daf1ddd9965

a one-time notes service

onasty/internal/transport/http/apiv1/middleware.go(view raw) 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
package apiv1

import (
	"context"
	"errors"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/gofrs/uuid/v5"
	"github.com/olexsmir/onasty/internal/service/usersrv"
)

var ErrUnauthorized = errors.New("unauthorized")

const userIDCtxKey = "userID"

func (a *APIV1) authorizedMiddleware(c *gin.Context) {
	token, ok := getTokenFromAuthHeaders(c)
	if !ok {
		errorResponse(c, ErrUnauthorized)
		return
	}

	ok, err := checkIfUserIsReal(c.Request.Context(), token, a.usersrv)
	if err != nil {
		errorResponse(c, err)
		return
	}

	if !ok {
		errorResponse(c, ErrUnauthorized)
		return
	}

	if err := saveUserIDToCtx(c, a.usersrv, token); err != nil {
		errorResponse(c, err)
		return
	}

	c.Next()
}

//nolint:unused // TODO: remove me later
func (a *APIV1) couldBeAuthorizedMiddleware(c *gin.Context) {
	token, ok := getTokenFromAuthHeaders(c)
	if ok {
		ok, err := checkIfUserIsReal(c.Request.Context(), token, a.usersrv)
		if err != nil {
			errorResponse(c, err)
			return
		}

		if !ok {
			errorResponse(c, ErrUnauthorized)
			return
		}

		if err := saveUserIDToCtx(c, a.usersrv, token); err != nil {
			newInternalError(c, err)
			return
		}
	}

	c.Next()
}

//nolint:unused // TODO: remove me later
func (a *APIV1) isUserAuthorized(c *gin.Context) bool {
	return !getUserID(c).IsNil()
}

func getTokenFromAuthHeaders(c *gin.Context) (token string, ok bool) { //nolint:nonamedreturns
	header := c.GetHeader("Authorization")
	if header == "" {
		return "", false
	}

	headerParts := strings.Split(header, " ")
	if len(headerParts) != 2 && headerParts[0] != "Bearer" {
		return "", false
	}

	if len(headerParts[1]) == 0 {
		return "", false
	}

	return headerParts[1], true
}

func saveUserIDToCtx(c *gin.Context, us usersrv.UserServicer, token string) error {
	pl, err := us.ParseToken(token)
	if err != nil {
		return err
	}

	c.Set(userIDCtxKey, pl.UserID)

	return nil
}

// getUserId returns userId from the context
// getting user id is only possible if user is authorized
func getUserID(c *gin.Context) uuid.UUID {
	userID, exists := c.Get(userIDCtxKey)
	if !exists {
		return uuid.Nil
	}
	return uuid.Must(uuid.FromString(userID.(string)))
}

func checkIfUserIsReal(
	ctx context.Context,
	accessToken string,
	us usersrv.UserServicer,
) (bool, error) {
	parsedToken, err := us.ParseToken(accessToken)
	if err != nil {
		return false, err
	}

	return us.CheckIfUserExists(
		ctx,
		uuid.Must(uuid.FromString(parsedToken.UserID)),
	)
}