Added endpoint to verify permission for requested url and service
@@ -1,25 +1,49 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto"
|
||||
domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
|
||||
"git.ego.freeddns.org/egommerce/identity-service/internal/service"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
)
|
||||
|
||||
func (s *Server) AccessHandlerFn(c *fiber.Ctx) error {
|
||||
url, srvName := c.Query("q"), c.Query("srv")
|
||||
|
||||
urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
|
||||
|
||||
userRepo := domain.NewUserRepository(s.GetDatabase())
|
||||
roleRepo := domain.NewRoleRepository(s.GetDatabase())
|
||||
urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
|
||||
authSrv := service.NewAuthService(userRepo, s.GetCache())
|
||||
|
||||
authSrv.VerifyToken("asd")
|
||||
url, srvName := c.Query("q"), c.Query("srv")
|
||||
|
||||
urlAcc, err := urlRepo.FindByURLAndService(url, srvName)
|
||||
if err != nil {
|
||||
return s.Error(c, fiber.StatusBadRequest, "unable to fetch requested url data")
|
||||
header := new(dto.AuthorizationHeaderDTO)
|
||||
c.ReqHeaderParser(header)
|
||||
|
||||
token, err := authSrv.GetTokenFromAuthorizationHeader(header.Authorization)
|
||||
if err != nil { // FIXME probably never get here cause of jwt parsing in middlewares
|
||||
return s.Error(c, fiber.StatusNotFound, err.Error())
|
||||
}
|
||||
|
||||
return c.JSON(urlAcc.Roles)
|
||||
uid, _ := authSrv.GetUIDByAccesssToken(token)
|
||||
user, err := userRepo.FindByID(uid)
|
||||
if err != nil {
|
||||
return s.Error(c, fiber.StatusNotFound, "user not found")
|
||||
}
|
||||
|
||||
role := roleRepo.GetUserRole(user)
|
||||
|
||||
urlAcc, err := urlRepo.FindByURLAndServiceForRole(url, srvName, role.Name)
|
||||
if err != nil {
|
||||
return s.Error(c, fiber.StatusNotFound, "user has not required permission")
|
||||
}
|
||||
|
||||
fmt.Printf("urlAcc: %#v", urlAcc)
|
||||
|
||||
// roles := urlRepo.FindForUser()
|
||||
// guardSrv := service.NewGuardService()
|
||||
|
||||
// guard.CheckAccess("asd")
|
||||
|
||||
return c.SendStatus(fiber.StatusNoContent)
|
||||
}
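Review bot: The error from `GetUIDByAccesssToken` is discarded (`uid, _ := ...`), so a token that cannot be resolved to a user id still reaches `userRepo.FindByID` with whatever zero value `uid` holds; an authorization endpoint should reject the request at that point rather than rely on the lookup failing. The return value of `c.ReqHeaderParser(header)` is dropped the same way. `fmt.Printf("urlAcc: %#v", urlAcc)` writes access-control records to stdout on every request and looks like leftover debugging, as does `authSrv.VerifyToken("asd")` with its literal token and ignored result, if that line is on the new side (the page lost its +/- markers). A missing or invalid token and a denied permission are all answered with 404; `fiber.StatusUnauthorized` and `fiber.StatusForbidden` would let callers tell the cases apart.

```go
header := new(dto.AuthorizationHeaderDTO)
if err := c.ReqHeaderParser(header); err != nil {
	return s.Error(c, fiber.StatusBadRequest, "unable to parse request headers")
}

// … unchanged: GetTokenFromAuthorizationHeader call and its error branch …

uid, err := authSrv.GetUIDByAccesssToken(token)
if err != nil {
	return s.Error(c, fiber.StatusUnauthorized, "invalid access token")
}

// … unchanged: user, role and URL-access lookups …
```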
|
||||
|
||||
@@ -21,7 +21,7 @@ var (
|
||||
var jwtSrv *JWT
|
||||
|
||||
func init() {
|
||||
expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "5"))
|
||||
expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "1"))
|
||||
accessTokenExpireTime = time.Duration(int(time.Hour) * expAccessTokenTime) // hours
|
||||
|
||||
expRefreshTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_REFRESH_TOKEN_EXPIRE_TIME", "7"))
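Review bot: The `strconv.Atoi` error on the `JWT_ACCESS_TOKEN_EXPIRE_TIME` line is discarded, so a non-numeric value in the environment silently becomes 0 and a negative one is accepted as is; how a zero or negative lifetime is treated is decided outside this hunk. Since this value sets how long an access token stays valid, startup should fail on a parse error or a value below 1 rather than continue. `time.Duration(int(time.Hour) * expAccessTokenTime)` also multiplies in `int`, which overflows where `int` is 32 bits; `time.Duration(expAccessTokenTime) * time.Hour` avoids that. `init` continues past the end of the hunk, and the `JWT_REFRESH_TOKEN_EXPIRE_TIME` line discards its parse error in the same way.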
|
||||
|
||||