test update some permissions

server/server.go

@@ -14,6 +14,7 @@ import (
 	"recipe-manager/config"
 	"recipe-manager/data"
 	"recipe-manager/enums/permissions"
+	"recipe-manager/middlewares"
 	"recipe-manager/models"
 	"recipe-manager/routers"
 	"recipe-manager/services/logger"
@@ -29,7 +30,6 @@ import (
 	"github.com/go-chi/cors"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
-	"golang.org/x/oauth2"
 )
 
 var (
@@ -116,7 +116,7 @@ func (s *Server) createHandler() {
 	}))
 
 	// Recipe Service
-	recipeService := recipe.NewRecipeService(s.data)
+	recipeService := recipe.NewRecipeService(s.data, s.taoLogger)
 
 	// User Service
 	userService := user.NewUserService(s.cfg, s.database, s.taoLogger)
@@ -134,63 +134,7 @@ func (s *Server) createHandler() {
 	r.Group(func(r chi.Router) {
 
 		r.Use(func(next http.Handler) http.Handler {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				token := &oauth2.Token{}
-
-				if cookie, err := r.Cookie("access_token"); err == nil {
-					token.AccessToken = cookie.Value
-				}
-
-				userInfo, err := s.oauth.GetUserInfo(r.Context(), token)
-
-				if err != nil {
-					// if have refresh token, set refresh token to token
-					if cookie, err := r.Cookie("refresh_token"); err == nil {
-						token.RefreshToken = cookie.Value
-					}
-
-					newToken, err := s.oauth.RefreshToken(r.Context(), token)
-
-					if err != nil {
-						http.Error(w, "Unauthorized", http.StatusUnauthorized)
-						return
-					}
-
-					userInfo, err = s.oauth.GetUserInfo(r.Context(), newToken)
-
-					if err != nil {
-						http.Error(w, "Unauthorized", http.StatusUnauthorized)
-						return
-					}
-
-					// set new token to cookie
-					w.Header().Add("set-cookie", fmt.Sprintf("access_token=%s; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=3600", newToken.AccessToken))
-				}
-
-				if userInfo != nil {
-					userFromDB, err := userService.GetUserByEmail(r.Context(), userInfo.Email)
-
-					if err != nil {
-						if err != nil {
-							http.Error(w, "Unauthorized", http.StatusUnauthorized)
-							return
-						}
-					}
-
-					if userFromDB != nil {
-						userInfo.ID = userFromDB.ID
-						userInfo.Name = userFromDB.Name
-						if userFromDB.Picture != "" {
-							userInfo.Picture = userFromDB.Picture
-						}
-						userInfo.Permissions = userFromDB.Permissions
-					}
-				}
-
-				ctx := context.WithValue(r.Context(), "user", userInfo)
-
-				next.ServeHTTP(w, r.WithContext(ctx))
-			})
+			return middlewares.Authorize(s.oauth, userService, next)
 		})
 
 		r.Post("/merge", func(w http.ResponseWriter, r *http.Request) {
@@ -198,10 +142,10 @@ func (s *Server) createHandler() {
 			// locking
 			if !pyAPIhandler(w, r) {
 				s.taoLogger.Log.Warn("Merge - u tried to access while another u is requesting merge",
-					zap.String("u", r.Context().Value("u").(*models.User).Name))
+					zap.String("user", r.Context().Value("user").(*models.User).Name))
 				return
 			} else {
-				s.taoLogger.Log.Debug("Merge - u has access", zap.String("u", r.Context().Value("u").(*models.User).Name))
+				s.taoLogger.Log.Debug("Merge - u has access", zap.String("user", r.Context().Value("user").(*models.User).Name))
 			}
 
 			var targetMap map[string]interface{}
@@ -234,8 +178,8 @@ func (s *Server) createHandler() {
 			dev_path := repo_path + dev_version + ".json"
 
 			// Get who's requesting
-			u := r.Context().Value("u").(*models.User)
-			s.taoLogger.Log.Info("Request merge by", zap.String("u", u.Name))
+			u := r.Context().Value("user").(*models.User)
+			s.taoLogger.Log.Info("Request merge by", zap.String("user", u.Name))
 
 			// lookup for python exec
 			pyExec, err := exec.LookPath("python")