29 lines
679 B
Go
29 lines
679 B
Go
package authorize
|
|
|
|
import (
|
|
"net/http"
|
|
"slices"
|
|
|
|
"github.com/go-chi/render"
|
|
|
|
"github.com/dhax/go-base/auth/jwt"
|
|
)
|
|
|
|
// RequiresRole middleware restricts access to accounts having role parameter in their jwt claims.
|
|
func RequiresRole(role string) func(next http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
hfn := func(w http.ResponseWriter, r *http.Request) {
|
|
claims := jwt.ClaimsFromCtx(r.Context())
|
|
if !hasRole(role, claims.Roles) {
|
|
render.Render(w, r, ErrForbidden)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
}
|
|
return http.HandlerFunc(hfn)
|
|
}
|
|
}
|
|
|
|
func hasRole(role string, roles []string) bool {
|
|
return slices.Contains(roles, role)
|
|
}
|