✨ Bug fixes of permission check

pkg/services/auth.go

@@ -30,18 +30,7 @@ func Authenticate(access, refresh string, depth int) (user models.Account, perms
 	newRefresh = refresh
 
 	var ctx models.AuthContext
-
-	ctx, lookupErr := GetAuthContext(claims.ID)
-	if lookupErr == nil {
-		log.Debug().Str("jti", claims.ID).Msg("Hit auth context cache once!")
-		perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
-		user = ctx.Account
-		return
-	}
-
-	ctx, err = GrantAuthContext(claims.ID)
-	if err == nil {
-
+	if ctx, err = GetAuthContext(claims.ID); err == nil {
 		perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
 		user = ctx.Account
 		return
@@ -61,14 +50,14 @@ func GetAuthContext(jti string) (models.AuthContext, error) {
 		authContextCache[jti] = ctx
 		log.Debug().Str("jti", jti).Msg("Used an auth context cache")
 	} else {
-		ctx, err = GrantAuthContext(jti)
+		ctx, err = CacheAuthContext(jti)
 		log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
 	}
 
 	return ctx, err
 }
 
-func GrantAuthContext(jti string) (models.AuthContext, error) {
+func CacheAuthContext(jti string) (models.AuthContext, error) {
 	var ctx models.AuthContext
 
 	// Query data from primary database

pkg/services/perms.go

@@ -1,6 +1,7 @@
 package services
 
 import (
+	"fmt"
 	"reflect"
 	"regexp"
 	"strings"
@@ -45,8 +46,8 @@ func FilterPermNodes(tree map[string]any, claims []string) map[string]any {
 	filteredTree := make(map[string]any)
 
 	match := func(claim, permission string) bool {
-		regex := strings.Replace(permission, "*", ".*", -1)
-		match, _ := regexp.MatchString("^"+regex+"$", claim)
+		regex := strings.ReplaceAll(claim, "*", ".*")
+		match, _ := regexp.MatchString(fmt.Sprintf("^%s$", regex), permission)
 		return match
 	}