Added endpoint to verify permission for requested url and service
@@ -1,25 +1,49 @@
|
|||||||
package server
|
package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto"
|
||||||
domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
|
domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
|
||||||
"git.ego.freeddns.org/egommerce/identity-service/internal/service"
|
"git.ego.freeddns.org/egommerce/identity-service/internal/service"
|
||||||
"github.com/gofiber/fiber/v2"
|
"github.com/gofiber/fiber/v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Server) AccessHandlerFn(c *fiber.Ctx) error {
|
func (s *Server) AccessHandlerFn(c *fiber.Ctx) error {
|
||||||
url, srvName := c.Query("q"), c.Query("srv")
|
|
||||||
|
|
||||||
urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
|
|
||||||
|
|
||||||
userRepo := domain.NewUserRepository(s.GetDatabase())
|
userRepo := domain.NewUserRepository(s.GetDatabase())
|
||||||
|
roleRepo := domain.NewRoleRepository(s.GetDatabase())
|
||||||
|
urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
|
||||||
authSrv := service.NewAuthService(userRepo, s.GetCache())
|
authSrv := service.NewAuthService(userRepo, s.GetCache())
|
||||||
|
|
||||||
authSrv.VerifyToken("asd")
|
url, srvName := c.Query("q"), c.Query("srv")
|
||||||
|
|
||||||
urlAcc, err := urlRepo.FindByURLAndService(url, srvName)
|
header := new(dto.AuthorizationHeaderDTO)
|
||||||
if err != nil {
|
c.ReqHeaderParser(header)
|
||||||
return s.Error(c, fiber.StatusBadRequest, "unable to fetch requested url data")
|
|
||||||
|
token, err := authSrv.GetTokenFromAuthorizationHeader(header.Authorization)
|
||||||
|
if err != nil { // FIXME probably never get here cause of jwt parsing in middlewares
|
||||||
|
return s.Error(c, fiber.StatusNotFound, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.JSON(urlAcc.Roles)
|
uid, _ := authSrv.GetUIDByAccesssToken(token)
|
||||||
|
user, err := userRepo.FindByID(uid)
|
||||||
|
if err != nil {
|
||||||
|
return s.Error(c, fiber.StatusNotFound, "user not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
role := roleRepo.GetUserRole(user)
|
||||||
|
|
||||||
|
urlAcc, err := urlRepo.FindByURLAndServiceForRole(url, srvName, role.Name)
|
||||||
|
if err != nil {
|
||||||
|
return s.Error(c, fiber.StatusNotFound, "user has not required permission")
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("urlAcc: %#v", urlAcc)
|
||||||
|
|
||||||
|
// roles := urlRepo.FindForUser()
|
||||||
|
// guardSrv := service.NewGuardService()
|
||||||
|
|
||||||
|
// guard.CheckAccess("asd")
|
||||||
|
|
||||||
|
return c.SendStatus(fiber.StatusNoContent)
|
||||||
}
|
}
|
||||||
|
|||||||
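Review bot: The error from `authSrv.GetUIDByAccesssToken(token)` is discarded in AccessHandlerFn, so a token the service rejects still flows into `userRepo.FindByID(uid)` with whatever uid came back, and the denial then depends on that lookup happening to fail. An endpoint that makes an authorization decision should fail closed at the token step: `uid, err := authSrv.GetUIDByAccesssToken(token)` followed by `if err != nil { return s.Error(c, fiber.StatusUnauthorized, "invalid access token") }`. The return value of `c.ReqHeaderParser(header)` is ignored in the same way and should be checked before `header.Authorization` is read. The leftover `fmt.Printf("urlAcc: %#v", urlAcc)` writes the matched access record to stdout on every permitted request and should be dropped or routed through the service logger.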
@@ -21,7 +21,7 @@ var (
|
|||||||
var jwtSrv *JWT
|
var jwtSrv *JWT
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "5"))
|
expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "1"))
|
||||||
accessTokenExpireTime = time.Duration(int(time.Hour) * expAccessTokenTime) // hours
|
accessTokenExpireTime = time.Duration(int(time.Hour) * expAccessTokenTime) // hours
|
||||||
|
|
||||||
expRefreshTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_REFRESH_TOKEN_EXPIRE_TIME", "7"))
|
expRefreshTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_REFRESH_TOKEN_EXPIRE_TIME", "7"))
|
||||||
|
|||||||
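Review bot: The `strconv.Atoi` error is dropped on the changed line (`expAccessTokenTime, _ := ...`), so a non-numeric `JWT_ACCESS_TOKEN_EXPIRE_TIME` silently yields 0 and `accessTokenExpireTime` becomes a zero duration rather than the intended default. Since this commit tightens the default to 1 hour, it would be worth checking the error and rejecting values below 1, e.g. `if err != nil || expAccessTokenTime < 1 { expAccessTokenTime = 1 }`. The `expRefreshTokenTime` line follows the same pattern. `init` continues outside the hunk, so how a zero lifetime is consumed when tokens are issued is not visible here.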