Taobin-Recipe-Manager/server/middlewares/authorized.go

package middlewares

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"recipe-manager/enums/permissions"
	"recipe-manager/models"
	"recipe-manager/services/oauth"
	"recipe-manager/services/user"

	"github.com/go-chi/chi/v5"
	"golang.org/x/oauth2"
)

// ========================== ValidatePermissions =========================================
func Authorize(oauthService oauth.OAuthService, userService user.UserService, nextRoute http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := &oauth2.Token{}

		if cookie, err := r.Cookie("access_token"); err == nil {
			token.AccessToken = cookie.Value
		} else {
			token.AccessToken = r.Header.Get("X-Access-Token")
		}

		userInfo, err := oauthService.GetUserInfo(r.Context(), token)

		if err != nil {
			// if have refresh token, set refresh token to token
			if cookie, err := r.Cookie("refresh_token"); err == nil {
				token.RefreshToken = cookie.Value
			} else {
				token.RefreshToken = r.Header.Get("X-Refresh-Token")
			}

			newToken, err := oauthService.RefreshToken(r.Context(), token)

			if err != nil {
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}

			userInfo, err = oauthService.GetUserInfo(r.Context(), newToken)

			if err != nil {
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}

			// set new token to cookie
			w.Header().Add("set-cookie", fmt.Sprintf("access_token=%s; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=3600", newToken.AccessToken))
		}

		if userInfo != nil {
			userFromDB, err := userService.GetUserByEmail(r.Context(), userInfo.Email)

			if err != nil {
				if err != nil {
					http.Error(w, "Unauthorized", http.StatusUnauthorized)
					return
				}
			}

			if userFromDB != nil {
				userInfo.ID = userFromDB.ID
				userInfo.Name = userFromDB.Name
				if userFromDB.Picture != "" {
					userInfo.Picture = userFromDB.Picture
				}
				userInfo.Permissions = userFromDB.Permissions
			}
		}

		ctx := context.WithValue(r.Context(), "user", userInfo)

		nextRoute.ServeHTTP(w, r.WithContext(ctx))
	}
}

// ========================== Permissions =========================================

func ValidatePermissions(p []permissions.Permission, nextRoute http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u := r.Context().Value("user").(*models.User)

		for _, pm := range p {
			if !u.Permissions.IsHavePermission(pm) {
				// If not have permission response unauthorized
				w.WriteHeader(http.StatusUnauthorized)
				err := json.NewEncoder(w).Encode("Unauthorized")
				if err != nil {
					panic(err)
				}
				return
			}
		}

		nextRoute.ServeHTTP(w, r)
	}
}

func ValidateOwnerOrPermissions(p []permissions.Permission, nextRoute http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		reqUserID := chi.URLParam(r, "id")
		u := r.Context().Value("user").(*models.User)

		if reqUserID == "" {
			// If not have permission response unauthorized
			w.WriteHeader(http.StatusUnauthorized)
			err := json.NewEncoder(w).Encode("Unauthorized")
			if err != nil {
				panic(err)
			}
			return
		}

		if reqUserID == u.ID {
			nextRoute.ServeHTTP(w, r)
			return
		}

		ValidatePermissions(p, nextRoute)
	}
}
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`package middlewares`

			`import (`
test update some permissions 2023-12-08 14:46:07 +07:00			`"context"`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`"encoding/json"`
test update some permissions 2023-12-08 14:46:07 +07:00			`"fmt"`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`"net/http"`
			`"recipe-manager/enums/permissions"`
			`"recipe-manager/models"`
test update some permissions 2023-12-08 14:46:07 +07:00			`"recipe-manager/services/oauth"`
			`"recipe-manager/services/user"`
update filemanager navigation 2024-02-20 15:01:43 +07:00
			`"github.com/go-chi/chi/v5"`
			`"golang.org/x/oauth2"`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`)`

test update some permissions 2023-12-08 14:46:07 +07:00			`// ========================== ValidatePermissions =========================================`
			`func Authorize(oauthService oauth.OAuthService, userService user.UserService, nextRoute http.Handler) http.HandlerFunc {`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`return func(w http.ResponseWriter, r *http.Request) {`
test update some permissions 2023-12-08 14:46:07 +07:00			`token := &oauth2.Token{}`

			`if cookie, err := r.Cookie("access_token"); err == nil {`
			`token.AccessToken = cookie.Value`
update filemanager navigation 2024-02-20 15:01:43 +07:00			`} else {`
			`token.AccessToken = r.Header.Get("X-Access-Token")`
test update some permissions 2023-12-08 14:46:07 +07:00			`}`

			`userInfo, err := oauthService.GetUserInfo(r.Context(), token)`

			`if err != nil {`
			`// if have refresh token, set refresh token to token`
			`if cookie, err := r.Cookie("refresh_token"); err == nil {`
			`token.RefreshToken = cookie.Value`
update filemanager navigation 2024-02-20 15:01:43 +07:00			`} else {`
			`token.RefreshToken = r.Header.Get("X-Refresh-Token")`
test update some permissions 2023-12-08 14:46:07 +07:00			`}`

			`newToken, err := oauthService.RefreshToken(r.Context(), token)`

			`if err != nil {`
			`http.Error(w, "Unauthorized", http.StatusUnauthorized)`
			`return`
			`}`

			`userInfo, err = oauthService.GetUserInfo(r.Context(), newToken)`

			`if err != nil {`
			`http.Error(w, "Unauthorized", http.StatusUnauthorized)`
			`return`
			`}`

			`// set new token to cookie`
			`w.Header().Add("set-cookie", fmt.Sprintf("access_token=%s; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=3600", newToken.AccessToken))`
			`}`

			`if userInfo != nil {`
			`userFromDB, err := userService.GetUserByEmail(r.Context(), userInfo.Email)`

			`if err != nil {`
			`if err != nil {`
			`http.Error(w, "Unauthorized", http.StatusUnauthorized)`
			`return`
			`}`
			`}`

			`if userFromDB != nil {`
			`userInfo.ID = userFromDB.ID`
			`userInfo.Name = userFromDB.Name`
			`if userFromDB.Picture != "" {`
			`userInfo.Picture = userFromDB.Picture`
			`}`
			`userInfo.Permissions = userFromDB.Permissions`
			`}`
			`}`

			`ctx := context.WithValue(r.Context(), "user", userInfo)`

			`nextRoute.ServeHTTP(w, r.WithContext(ctx))`
			`}`
			`}`

			`// ========================== Permissions =========================================`

			`func ValidatePermissions(p []permissions.Permission, nextRoute http.HandlerFunc) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`u := r.Context().Value("user").(*models.User)`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00
			`for _, pm := range p {`
test update some permissions 2023-12-08 14:46:07 +07:00			`if !u.Permissions.IsHavePermission(pm) {`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`// If not have permission response unauthorized`
			`w.WriteHeader(http.StatusUnauthorized)`
			`err := json.NewEncoder(w).Encode("Unauthorized")`
			`if err != nil {`
			`panic(err)`
			`}`
			`return`
			`}`
			`}`

			`nextRoute.ServeHTTP(w, r)`
			`}`
			`}`

test update some permissions 2023-12-08 14:46:07 +07:00			`func ValidateOwnerOrPermissions(p []permissions.Permission, nextRoute http.HandlerFunc) http.HandlerFunc {`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`reqUserID := chi.URLParam(r, "id")`
test update some permissions 2023-12-08 14:46:07 +07:00			`u := r.Context().Value("user").(*models.User)`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00
			`if reqUserID == "" {`
			`// If not have permission response unauthorized`
			`w.WriteHeader(http.StatusUnauthorized)`
			`err := json.NewEncoder(w).Encode("Unauthorized")`
			`if err != nil {`
			`panic(err)`
			`}`
			`return`
			`}`

test update some permissions 2023-12-08 14:46:07 +07:00			`if reqUserID == u.ID {`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`nextRoute.ServeHTTP(w, r)`
			`return`
			`}`

test update some permissions 2023-12-08 14:46:07 +07:00			`ValidatePermissions(p, nextRoute)`
Add User route and Refactor code 2023-12-06 20:21:25 +07:00			`}`
			`}`