first commit
This commit is contained in:
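--- /dev/null
+++ b/internal/middleware/auth.go
@@ -0,0 +1,121 @@
+package middleware
+
+import (
+	"net/http"
+
+	"homework-manager/internal/service"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+)
+
+const UserIDKey = "user_id"
+const UserRoleKey = "user_role"
+const UserNameKey = "user_name"
+
+func AuthRequired(authService *service.AuthService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := sessions.Default(c)
+		userID := session.Get(UserIDKey)
+
+		if userID == nil {
+			c.Redirect(http.StatusFound, "/login")
+			c.Abort()
+			return
+		}
+
+		user, err := authService.GetUserByID(userID.(uint))
+		if err != nil {
+			session.Clear()
+			session.Save()
+			c.Redirect(http.StatusFound, "/login")
+			c.Abort()
+			return
+		}
+
+		c.Set(UserIDKey, user.ID)
+		c.Set(UserRoleKey, user.Role)
+		c.Set(UserNameKey, user.Name)
+		c.Next()
+	}
+}
+
+func AdminRequired() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		role, exists := c.Get(UserRoleKey)
+		if !exists || role != "admin" {
+			c.HTML(http.StatusForbidden, "error.html", gin.H{
+				"title":   "アクセス拒否",
+				"message": "この操作には管理者権限が必要です。",
+			})
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}
+
+func GuestOnly() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := sessions.Default(c)
+		userID := session.Get(UserIDKey)
+
+		if userID != nil {
+			c.Redirect(http.StatusFound, "/")
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
+func InjectUserInfo() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := sessions.Default(c)
+		userID := session.Get(UserIDKey)
+
+		if userID != nil {
+			c.Set(UserIDKey, userID.(uint))
+			c.Set(UserRoleKey, session.Get(UserRoleKey))
+			c.Set(UserNameKey, session.Get(UserNameKey))
+		}
+
+		c.Next()
+	}
+}
+
+type APIKeyValidator interface {
+	ValidateAPIKey(key string) (uint, error)
+}
+
+func APIKeyAuth(validator APIKeyValidator) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
+			c.Abort()
+			return
+		}
+
+		const bearerPrefix = "Bearer "
+		if len(authHeader) <= len(bearerPrefix) || authHeader[:len(bearerPrefix)] != bearerPrefix {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid authorization format. Use: Bearer <api_key>"})
+			c.Abort()
+			return
+		}
+
+		apiKey := authHeader[len(bearerPrefix):]
+
+		userID, err := validator.ValidateAPIKey(apiKey)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid API key"})
+			c.Abort()
+			return
+		}
+
+		c.Set(UserIDKey, userID)
+		c.Next()
+	}
+}
+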
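Review bot: The session value is cast with an unchecked `userID.(uint)` in AuthRequired (`authService.GetUserByID(userID.(uint))`) and again in InjectUserInfo (`c.Set(UserIDKey, userID.(uint))`), so a session entry of any other dynamic type (for example after the stored type changes, or a store that deserialises numbers differently) panics inside the handler instead of failing the request. A checked assertion that treats a mismatch as an invalid session is safer: `id, ok := userID.(uint); if !ok { session.Clear(); _ = session.Save(); c.Redirect(http.StatusFound, "/login"); c.Abort(); return }`. In AuthRequired the error branch also clears the session on any GetUserByID error, so a transient database failure logs the user out, and the `session.Save()` result is discarded without a comment saying that is intended. AdminRequired only compares whatever `c.Get(UserRoleKey)` holds to `"admin"`, and when that value was set by InjectUserInfo it comes straight from the session rather than from the user record, so on a route chain that uses InjectUserInfo without AuthRequired a demoted account would appear to keep admin access until its session expires; consider deriving the role only in AuthRequired, or documenting on InjectUserInfo that it must not gate admin routes.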