package auth
import (
m "platform/web/models"
"github.com/gofiber/fiber/v2"
)
// AuthCtx holds the identities, granted scopes and session attached to a
// request. SetAuthCtx stores it on the fiber context and GetAuthCtx reads it
// back; the Permit* methods decide whether the request may proceed.
//
// NOTE(review): every exported field carries a JSON tag, so marshalling an
// AuthCtx emits whatever m.User, m.Admin, m.Client and m.Session expose.
// Confirm those models omit credentials before an AuthCtx is written to a
// response or a log.
type AuthCtx struct {
	// User is serialized as "account". PermitUser rejects the request when nil.
	User *m.User `json:"account,omitempty"`

	// Admin must be non-nil for PermitAdmin to succeed.
	Admin *m.Admin `json:"admin,omitempty"`

	// Client must be non-nil for PermitSecretClient and PermitOfficialClient,
	// which additionally inspect its Spec (and Type) fields.
	Client *m.Client `json:"client,omitempty"`

	// Scopes lists the scopes granted to this context. checkScopes treats an
	// empty list as satisfying every scope requirement.
	Scopes []string `json:"scopes,omitempty"`

	// Session is carried along but not consulted by any method in this file.
	Session *m.Session `json:"session,omitempty"`

	// smap is a lookup set over Scopes, filled lazily by checkScopes.
	// It is unexported and therefore never serialized.
	smap map[string]struct{}
}
// PermitUser allows the request only when the context carries a user and the
// scope requirement is met.
//
// It returns ErrAuthenticateForbidden when a.User is nil or when checkScopes
// rejects the requested scopes; both failures use the same error, so callers
// cannot tell them apart. The receiver is returned in every case, so callers
// must check the error before trusting the returned context.
//
// The receiver must be non-nil: GetAuthCtx returns nil when no context was
// stored, and calling this method on that nil pointer panics.
func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) {
	// Short-circuit keeps checkScopes from running when there is no user.
	if a.User == nil || !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}
// PermitAdmin allows the request only when the context carries an admin and
// the scope requirement is met.
//
// It returns ErrAuthenticateForbidden when a.Admin is nil or when checkScopes
// rejects the requested scopes. The receiver is returned in every case, so
// callers must check the error before trusting the returned context.
//
// The receiver must be non-nil: GetAuthCtx returns nil when no context was
// stored, and calling this method on that nil pointer panics.
func (a *AuthCtx) PermitAdmin(scopes ...string) (*AuthCtx, error) {
	// Short-circuit keeps checkScopes from running when there is no admin.
	if a.Admin == nil || !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}
// PermitSecretClient allows the request only when the context carries a
// client whose Spec is m.ClientSpecAPI or m.ClientSpecWeb and the scope
// requirement is met.
//
// Any failed check yields ErrAuthenticateForbidden. The receiver is returned
// in every case, so callers must check the error before trusting it. The
// receiver must be non-nil; a nil *AuthCtx panics here.
//
// NOTE(review): nothing in this method inspects a client secret; the gate is
// Client.Spec alone. Presumably API and Web clients are the ones that
// authenticate with a secret upstream — confirm against the code that
// populates Client.
func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
	client := a.Client
	if client == nil {
		return a, ErrAuthenticateForbidden
	}

	specAllowed := client.Spec == m.ClientSpecAPI || client.Spec == m.ClientSpecWeb
	if !specAllowed {
		return a, ErrAuthenticateForbidden
	}

	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}
// PermitOfficialClient allows the request only when the context carries a
// client whose Spec is m.ClientSpecAPI or m.ClientSpecWeb, whose Type is
// m.ClientTypeOfficial, and the scope requirement is met.
//
// Any failed check yields ErrAuthenticateForbidden. The receiver is returned
// in every case, so callers must check the error before trusting it. The
// receiver must be non-nil; a nil *AuthCtx panics here.
func (a *AuthCtx) PermitOfficialClient(scopes ...string) (*AuthCtx, error) {
	client := a.Client
	if client == nil {
		return a, ErrAuthenticateForbidden
	}

	// Same Spec gate as PermitSecretClient, plus the official-type check.
	specAllowed := client.Spec == m.ClientSpecAPI || client.Spec == m.ClientSpecWeb
	if !specAllowed || client.Type != m.ClientTypeOfficial {
		return a, ErrAuthenticateForbidden
	}

	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}
// checkScopes reports whether the context satisfies a scope requirement.
//
// It returns true when no scopes are requested, when the context has no
// granted scopes at all, or when at least one requested scope appears in
// a.Scopes. The match is any-of: one hit is enough, the caller does not need
// to hold every requested scope.
//
// NOTE(review): the empty-grant case fails open — an AuthCtx whose Scopes is
// nil or empty passes every requirement. Confirm that "no scopes" is meant to
// be unrestricted and cannot also arise from a credential whose scope list
// was not loaded.
//
// NOTE(review): smap is only built while it is empty, so it is not refreshed
// if Scopes changes afterwards, and the lazy write is unsynchronized. Both
// matter only if an AuthCtx is mutated or shared across goroutines after its
// first scope check.
func (a *AuthCtx) checkScopes(scopes ...string) bool {
	granted := a.Scopes
	if len(scopes) == 0 || len(granted) == 0 {
		return true
	}

	// Build the lookup set on first use; granted is known non-empty here.
	if len(a.smap) == 0 {
		index := make(map[string]struct{}, len(granted))
		for i := range granted {
			index[granted[i]] = struct{}{}
		}
		a.smap = index
	}

	for _, want := range scopes {
		if _, found := a.smap[want]; found {
			return true
		}
	}
	return false
}
// AuthCtxKey is the fiber Locals key under which SetAuthCtx stores the
// request's *AuthCtx and GetAuthCtx looks it up.
//
// NOTE(review): "session" is a generic plain-string key. Any other middleware
// that writes Locals("session", ...) would replace the stored *AuthCtx, after
// which GetAuthCtx's type assertion fails and it returns nil. An unexported
// key type would rule that collision out — confirm before changing, since
// this constant is exported.
const AuthCtxKey = "session"
// SetAuthCtx stores auth in the fiber context's locals under AuthCtxKey for
// GetAuthCtx to read back. A nil auth is stored as-is; no validation is done
// here.
func SetAuthCtx(c *fiber.Ctx, auth *AuthCtx) {
	// The value returned by Locals is not needed.
	_ = c.Locals(AuthCtxKey, auth)
}
// GetAuthCtx returns the *AuthCtx stored under AuthCtxKey in the fiber
// context's locals.
//
// It returns nil when nothing is stored under the key or when the stored
// value is not an *AuthCtx. Callers must check for nil before invoking any
// Permit* method: those methods dereference the receiver and would panic
// instead of returning ErrAuthenticateForbidden.
func GetAuthCtx(c *fiber.Ctx) *AuthCtx {
	// A failed assertion leaves stored as the nil *AuthCtx zero value.
	stored, _ := c.Locals(AuthCtxKey).(*AuthCtx)
	return stored
}