70 lines
1.6 KiB
Go
70 lines
1.6 KiB
Go
package hyper
|
|
|
|
import (
|
|
"git.solsynth.dev/hydrogen/passport/pkg/proto"
|
|
"github.com/gofiber/fiber/v2"
|
|
jsoniter "github.com/json-iterator/go"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
const CookieAtk = "__hydrogen_atk"
|
|
const CookieRtk = "__hydrogen_rtk"
|
|
|
|
func (v *HyperConn) AuthMiddleware(c *fiber.Ctx) error {
|
|
var atk string
|
|
if cookie := c.Cookies(CookieAtk); len(cookie) > 0 {
|
|
atk = cookie
|
|
}
|
|
if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
|
|
tk := strings.Replace(header, "Bearer", "", 1)
|
|
atk = strings.TrimSpace(tk)
|
|
}
|
|
if tk := c.Query("tk"); len(tk) > 0 {
|
|
atk = strings.TrimSpace(tk)
|
|
}
|
|
|
|
c.Locals("p_token", atk)
|
|
|
|
rtk := c.Cookies(CookieRtk)
|
|
if user, newAtk, newRtk, err := v.DoAuthenticate(atk, rtk); err == nil {
|
|
if newAtk != atk {
|
|
c.Cookie(&fiber.Cookie{
|
|
Name: CookieAtk,
|
|
Value: newAtk,
|
|
SameSite: "Lax",
|
|
Expires: time.Now().Add(60 * time.Minute),
|
|
Path: "/",
|
|
})
|
|
c.Cookie(&fiber.Cookie{
|
|
Name: CookieRtk,
|
|
Value: newRtk,
|
|
SameSite: "Lax",
|
|
Expires: time.Now().Add(24 * 30 * time.Hour),
|
|
Path: "/",
|
|
})
|
|
}
|
|
c.Locals("p_user", user)
|
|
}
|
|
|
|
return c.Next()
|
|
}
|
|
|
|
func (v *HyperConn) EnsureAuthenticated(c *fiber.Ctx) error {
|
|
if _, ok := c.Locals("p_user").(*proto.Userinfo); !ok {
|
|
return fiber.NewError(fiber.StatusUnauthorized)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (v *HyperConn) EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error {
|
|
if err := v.EnsureAuthenticated(c); err != nil {
|
|
return err
|
|
}
|
|
encodedVal, _ := jsoniter.Marshal(val)
|
|
if err := v.DoCheckPerm(c.Locals("p_token").(string), key, encodedVal); err != nil {
|
|
return fiber.NewError(fiber.StatusForbidden, err.Error())
|
|
}
|
|
return nil
|
|
}
|