100 lines
2.2 KiB
Go
100 lines
2.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"platform/web/domains/client"
|
|
m "platform/web/models"
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
)
|
|
|
|
type AuthCtx struct {
|
|
User *m.User `json:"account,omitempty"`
|
|
Admin *m.Admin `json:"admin,omitempty"`
|
|
Client *m.Client `json:"client,omitempty"`
|
|
Scopes []string `json:"scopes,omitempty"`
|
|
Session *m.Session `json:"session,omitempty"`
|
|
smap map[string]struct{}
|
|
}
|
|
|
|
func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) {
|
|
if a.User == nil {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
if !a.checkScopes(scopes...) {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
return a, nil
|
|
}
|
|
|
|
func (a *AuthCtx) PermitAdmin(scopes ...string) (*AuthCtx, error) {
|
|
if a.Admin == nil {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
if !a.checkScopes(scopes...) {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
return a, nil
|
|
}
|
|
|
|
func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
|
|
if a.Client == nil {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
spec := client.Spec(a.Client.Spec)
|
|
if spec != client.SpecApi && spec != client.SpecWeb {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
if !a.checkScopes(scopes...) {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
return a, nil
|
|
}
|
|
|
|
func (a *AuthCtx) PermitInternalClient(scopes ...string) (*AuthCtx, error) {
|
|
if a.Client == nil {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
spec := client.Spec(a.Client.Spec)
|
|
if spec != client.SpecApi && spec != client.SpecWeb {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
cType := client.Type(a.Client.Type)
|
|
if cType != client.TypeInternal {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
if !a.checkScopes(scopes...) {
|
|
return a, ErrAuthenticateForbidden
|
|
}
|
|
return a, nil
|
|
}
|
|
|
|
func (a *AuthCtx) checkScopes(scopes ...string) bool {
|
|
if len(scopes) == 0 || len(a.Scopes) == 0 {
|
|
return true
|
|
}
|
|
if len(a.smap) == 0 && len(a.Scopes) > 0 {
|
|
for _, scope := range scopes {
|
|
a.smap[scope] = struct{}{}
|
|
}
|
|
}
|
|
for _, scope := range scopes {
|
|
if _, ok := a.smap[scope]; ok {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
const AuthCtxKey = "session"
|
|
|
|
func SetAuthCtx(c *fiber.Ctx, auth *AuthCtx) {
|
|
c.Locals(AuthCtxKey, auth)
|
|
}
|
|
|
|
func GetAuthCtx(c *fiber.Ctx) *AuthCtx {
|
|
if authCtx, ok := c.Locals(AuthCtxKey).(*AuthCtx); ok {
|
|
return authCtx
|
|
}
|
|
return nil
|
|
}
|