-
Vikram Ingawale authored2938c4dc
middleware.go 2.88 KiB
package middlewareimport ( "errors" "fmt" "golangtemplate/servers/app/models" "net/http" "runtime/debug" "time" "corelab.mkcl.org/MKCLOS/coredevelopmentplatform/corepkgv2/loggermdl" "github.com/gin-contrib/cors" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5/request")// Init -Initfunc Init(g *gin.Engine) { g.Use(cors.Default()) g.Use(Recovery())}type Principal struct { UserID string `json:"userId"` Groups []string `json:"groups"` SessionExpiration time.Time `json:"sessionExpiration"` ClientIP string `json:"clientIP"` HitsCount int `json:"hitsCount"` Token string `json:"token"` Metadata string `json:"metadata"` jwt.RegisteredClaims}var group = []string{"delete"}// Recovery - a recoverymdl for gin to log the panic and recoverfunc Recovery() gin.HandlerFunc { return func(c *gin.Context) { defer func() { if err := recover(); err != nil { loggermdl.LogError("recovered:", err) loggermdl.LogError(string(debug.Stack())) // write to access log gin.DefaultErrorWriter.Write(debug.Stack()) } }() c.Next() }}func CustomLogger() gin.HandlerFunc { return gin.LoggerWithFormatter(func(params gin.LogFormatterParams) string { return fmt.Sprintf("", params.ClientIP, params.BodySize, params.Request, params.Method, params.Path) })}func Auth() gin.HandlerFunc { return func(c *gin.Context) { _, err := request.ParseFromRequest(c.Request, request.OAuth2Extractor, func(token *jwt.Token) (interface{}, error) { b := ([]byte(models.JWTKey)) return b, nil }) if err != nil { c.AbortWithError(401, err) } }}func RolebasedAuth() gin.HandlerFunc {7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
return func(c *gin.Context) {
// Decode the JWT token
tokenString := c.Request.Header.Get("Authorization")
if tokenString == "" {
c.AbortWithError(401, errors.New("missing Authorization header"))
return
}
// Decode the JWT token
token, err := jwt.ParseWithClaims(tokenString, &Principal{}, func(token *jwt.Token) (interface{}, error) {
return []byte(models.JWTKey), nil
})
if err != nil {
c.AbortWithError(401, err)
c.IndentedJSON(http.StatusUnauthorized, "Error parsing token")
return
}
if !token.Valid {
c.AbortWithError(401, errors.New("invalid token"))
c.IndentedJSON(http.StatusUnauthorized, "Token is invalid")
return
}
claims, ok := token.Claims.(*Principal)
if !ok || claims == nil {
c.AbortWithError(401, errors.New("invalid claims"))
c.IndentedJSON(http.StatusUnauthorized, "Invalid claims")
return
}
isPresent := false
for _, i := range group {
for _, j := range claims.Groups {
if i == j {
isPresent = true
break
}
}
}
if !isPresent {
c.AbortWithError(403, errors.New("Access forbidden."))
c.IndentedJSON(http.StatusForbidden, "No roles present.")
return
}
c.Next()
}
}