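package auth

import (
	"github.com/gofiber/fiber/v2"
	m "platform/web/models"
)

// AuthCtx carries the identities and granted scopes resolved for a request.
// Any of User, Admin, Client and Session may be nil; the Permit* methods
// check for the principal they require.
type AuthCtx struct {
	User    *m.User    `json:"account,omitempty"`
	Admin   *m.Admin   `json:"admin,omitempty"`
	Client  *m.Client  `json:"client,omitempty"`
	Scopes  []string   `json:"scopes,omitempty"`
	Session *m.Session `json:"session,omitempty"`

	// smap is a lazily built lookup set of the granted Scopes.
	smap map[string]struct{}
}

// PermitUser succeeds when a user is attached to the context and the scope
// check passes (see checkScopes).
//
// The receiver is returned even on failure, so callers must decide on the
// error and never on whether the returned pointer is non-nil.
func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) {
	if a.User == nil {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitAdmin succeeds when an admin is attached to the context and the
// scope check passes (see checkScopes).
//
// The receiver is returned even on failure; callers must check the error.
func (a *AuthCtx) PermitAdmin(scopes ...string) (*AuthCtx, error) {
	if a.Admin == nil {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitSecretClient succeeds when a client is attached, its Spec is
// ClientSpecAPI or ClientSpecWeb, and the scope check passes.
//
// The receiver is returned even on failure; callers must check the error.
func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
	if a.Client == nil {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// PermitOfficialClient applies the same client and Spec requirements as
// PermitSecretClient and additionally requires Type == ClientTypeOfficial.
//
// The receiver is returned even on failure; callers must check the error.
func (a *AuthCtx) PermitOfficialClient(scopes ...string) (*AuthCtx, error) {
	if a.Client == nil {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
		return a, ErrAuthenticateForbidden
	}
	if a.Client.Type != m.ClientTypeOfficial {
		return a, ErrAuthenticateForbidden
	}
	if !a.checkScopes(scopes...) {
		return a, ErrAuthenticateForbidden
	}
	return a, nil
}

// checkScopes reports whether at least one of the required scopes is among
// the scopes granted to this context (any-of semantics, not all-of).
//
// It returns true without checking when no scope is required, and also when
// the context has no granted scopes at all.
//
// NOTE(review): the second case means a context with an empty Scopes list
// passes every scope requirement. Confirm this is intended (for example for
// first-party sessions issued without scopes); otherwise a credential issued
// with an empty scope list is unrestricted.
//
// The lookup set is built lazily and written without synchronization, so
// checkScopes must not run concurrently on the same AuthCtx.
func (a *AuthCtx) checkScopes(scopes ...string) bool {
	if len(scopes) == 0 || len(a.Scopes) == 0 {
		return true
	}

	// Build the lookup set from the GRANTED scopes. The previous code filled
	// it from the required scopes passed by the caller, so the first check
	// always passed and later checks were compared against the first caller's
	// requirements; with a nil map the write panicked instead.
	if len(a.smap) == 0 {
		a.smap = make(map[string]struct{}, len(a.Scopes))
		for _, granted := range a.Scopes {
			a.smap[granted] = struct{}{}
		}
	}

	for _, required := range scopes {
		if _, ok := a.smap[required]; ok {
			return true
		}
	}
	return false
}

// AuthCtxKey is the fiber Locals key under which the AuthCtx is stored.
const AuthCtxKey = "session"

// SetAuthCtx stores auth in the request-local values of c under AuthCtxKey.
func SetAuthCtx(c *fiber.Ctx, auth *AuthCtx) {
	c.Locals(AuthCtxKey, auth)
}

// GetAuthCtx returns the AuthCtx stored on c, or nil when nothing is stored
// under AuthCtxKey or the stored value is not a *AuthCtx. Callers must
// nil-check the result before calling any Permit* method: those methods
// dereference the receiver.
func GetAuthCtx(c *fiber.Ctx) *AuthCtx {
	authCtx, ok := c.Locals(AuthCtxKey).(*AuthCtx)
	if !ok {
		return nil
	}
	return authCtx
}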