refactor auth pkg into libraries
parent
521f081ba0
commit
aaf0a0928d
26 changed files with 592 additions and 504 deletions
33
auth/authorize/roles.go
Normal file
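--- a/auth/authorize/roles.go
+++ b/auth/authorize/roles.go
@@ -0,0 +1,33 @@
+package authorize
+
+import (
+"net/http"
+
+"github.com/go-chi/render"
+
+"github.com/dhax/go-base/auth/jwt"
+)
+
+// RequiresRole middleware restricts access to accounts having role parameter in their jwt claims.
+func RequiresRole(role string) func(next http.Handler) http.Handler {
+return func(next http.Handler) http.Handler {
+hfn := func(w http.ResponseWriter, r *http.Request) {
+claims := jwt.ClaimsFromCtx(r.Context())
+if !hasRole(role, claims.Roles) {
+render.Render(w, r, ErrForbidden)
+return
+}
+next.ServeHTTP(w, r)
+}
+return http.HandlerFunc(hfn)
+}
+}
+
+func hasRole(role string, roles []string) bool {
+for _, r := range roles {
+if r == role {
+return true
+}
+}
+return false
+}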
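Review bot: RequiresRole reads `claims.Roles` from `jwt.ClaimsFromCtx(r.Context())` without checking that any claims were placed in the context, so what happens when it is mounted without the JWT authenticator ahead of it depends on a helper this section does not show. If that helper uses an unchecked type assertion, the request would panic instead of getting a clean 403; it is worth confirming that it fails closed. I would also state the ordering requirement in the doc comment, e.g. `// RequiresRole must be mounted after the JWT authenticator, which stores the claims in the request context.` Separately, the error returned by `render.Render(w, r, ErrForbidden)` is dropped and a denied request is not logged, so repeated authorization failures against role-protected routes leave no trace for detection.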