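package auth

import (
	"strings"

	m "platform/web/models"

	"github.com/gofiber/fiber/v2"
)

// AuthCtx carries the identities resolved for the current request. Any of the
// pointer fields may be nil when that kind of principal was not authenticated.
//
// NOTE(review): the struct is JSON-serialisable, including Session. If it is
// ever written to a response or a log, confirm that m.Session and m.Client do
// not expose token or secret material.
type AuthCtx struct {
	User    *m.User    `json:"account,omitempty"`
	Admin   *m.Admin   `json:"admin,omitempty"`
	Client  *m.Client  `json:"client,omitempty"`
	Scopes  []string   `json:"scopes,omitempty"`
	Session *m.Session `json:"session,omitempty"`
}

// PermitUser allows the request only when a user is attached to the context
// and the scope check passes. It returns the receiver unchanged together with
// ErrAuthenticateForbidden on denial.
//
// A nil receiver is denied rather than dereferenced: GetAuthCtx returns nil
// when no context was stored, and a chained GetAuthCtx(c).PermitUser(...)
// must fail closed instead of panicking.
func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) {
	if a == nil || a.User == nil {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitAdmin allows the request only when an admin is attached to the context
// and the scope check passes. A nil receiver is denied.
func (a *AuthCtx) PermitAdmin(scopes ...string) (*AuthCtx, error) {
	if a == nil || a.Admin == nil {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitSecretClient allows the request only when a client is attached whose
// Spec is m.ClientSpecAPI or m.ClientSpecWeb and the scope check passes.
// A nil receiver is denied.
func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
	if a == nil || a.Client == nil {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitOfficialClient applies the same Spec test as PermitSecretClient and
// additionally requires Client.Type to be m.ClientTypeOfficial.
// A nil receiver is denied.
func (a *AuthCtx) PermitOfficialClient(scopes ...string) (*AuthCtx, error) {
	if a == nil || a.Client == nil {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Type != m.ClientTypeOfficial {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// checkScopes reports whether the context satisfies the requested scopes.
// It returns true when no scopes are requested, when the context holds no
// scopes, or when at least one requested scope starts with at least one
// granted scope.
//
// NOTE(review): three properties of this check are security-relevant and are
// left unchanged here because callers may depend on them:
//   - An empty a.Scopes grants everything (fail-open). Presumably this models
//     an unscoped first-party session; confirm that a token whose scope list
//     was lost or never populated cannot reach this path.
//   - Matching is any-of: one matching requested scope is enough even when
//     several are passed.
//   - Matching is a raw string prefix with no delimiter, so a granted scope
//     also covers any longer name that merely begins with it (constructed
//     example: granted "user" matches requested "users.delete"), and an empty
//     string in a.Scopes matches every request. Consider requiring equality or
//     a separator boundary.
func (a *AuthCtx) checkScopes(scopes ...string) bool {
	if len(scopes) == 0 || len(a.Scopes) == 0 {
		return true
	}
	for _, scope := range scopes {
		for _, prefix := range a.Scopes {
			if strings.HasPrefix(scope, prefix) {
				return true
			}
		}
	}
	return false
}

// AuthCtxKey is the fiber Locals key under which the AuthCtx is stored.
const AuthCtxKey = "session"

// SetAuthCtx stores auth in the request-local storage of c.
func SetAuthCtx(c *fiber.Ctx, auth *AuthCtx) {
	c.Locals(AuthCtxKey, auth)
}

// GetAuthCtx returns the AuthCtx stored on c, or nil when none was stored or
// the stored value has a different type. The Permit* methods deny on a nil
// receiver, so the result can be used without a separate nil check.
func GetAuthCtx(c *fiber.Ctx) *AuthCtx {
	if authCtx, ok := c.Locals(AuthCtxKey).(*AuthCtx); ok {
		return authCtx
	}
	return nil
}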