init import
This commit is contained in:
Олег Бородин
@@ -0,0 +1,103 @@
|
||||
/*
|
||||
* Copyright 2026 Oleg Borodin <onborodin@gmail.com>
|
||||
*/
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"mbase/app/router"
|
||||
"mbase/pkg/auxhttp"
|
||||
"mbase/pkg/auxpwd"
|
||||
"mbase/pkg/terms"
|
||||
)
|
||||
|
||||
const (
|
||||
authTag = "authpass"
|
||||
userTag = "accountID"
|
||||
)
|
||||
|
||||
func (hand *Handler) AuthMiddleware(next router.Handler) router.Handler {
|
||||
var handlerFunc router.HandlerFunc
|
||||
|
||||
handlerFunc = func(rctx *router.Context) {
|
||||
success, accountID, err := hand.CheckAccess(rctx)
|
||||
if success {
|
||||
rctx.SetBool(authTag, true)
|
||||
rctx.SetString(userTag, string(accountID))
|
||||
}
|
||||
if err != nil {
|
||||
hand.logg.Errorf("Authorization middleware error: %v", err)
|
||||
}
|
||||
next.ServeHTTP(rctx)
|
||||
}
|
||||
return handlerFunc
|
||||
}
|
||||
|
||||
// Authentification
|
||||
func (hand *Handler) CheckAccess(rctx *router.Context) (bool, string, error) {
|
||||
var err error
|
||||
var success bool
|
||||
var username string
|
||||
var password string
|
||||
var accountID string
|
||||
|
||||
accountID = terms.AnonymousID
|
||||
|
||||
//hand.logg.Debugf("URL: %s", rctx.URL().String())
|
||||
authHeader := rctx.GetHeader("Authorization")
|
||||
hand.logg.Debugf("Authorization: [%s]", authHeader)
|
||||
if authHeader != "" {
|
||||
username, password, err = auxhttp.ParseBasicAuth(authHeader)
|
||||
if err != nil {
|
||||
return success, accountID, err
|
||||
}
|
||||
if username == "" || password == "" {
|
||||
goto anonymous
|
||||
}
|
||||
|
||||
success, id, err := hand.ValidatePassword(rctx.Ctx, username, password)
|
||||
if err != nil {
|
||||
return false, accountID, err
|
||||
}
|
||||
if !success {
|
||||
err = fmt.Errorf("Incorrect username or password")
|
||||
return false, accountID, err
|
||||
}
|
||||
accountID = id
|
||||
return success, accountID, err
|
||||
}
|
||||
anonymous:
|
||||
success = true
|
||||
accountID = terms.AnonymousID
|
||||
return success, accountID, err
|
||||
}
|
||||
|
||||
func (hand *Handler) ValidatePassword(ctx context.Context, username, password string) (bool, string, error) {
|
||||
var err error
|
||||
var accountID string
|
||||
valid := false
|
||||
|
||||
accountExists, accountDescr, err := hand.mdb.GetAccountByUsername(ctx, username)
|
||||
if !accountExists {
|
||||
err := fmt.Errorf("Account not exists")
|
||||
return valid, accountID, err
|
||||
}
|
||||
if !auxpwd.PasswordMatch([]byte(password), accountDescr.Passhash) {
|
||||
err := fmt.Errorf("Login data mismatch")
|
||||
return valid, accountID, err
|
||||
}
|
||||
valid = true
|
||||
accountID = accountDescr.ID
|
||||
|
||||
return valid, accountID, err
|
||||
}
|
||||
|
||||
// Authorization
|
||||
func (hand *Handler) CheckRight(ctx context.Context, accountID, reqRight, subject string) (bool, error) {
|
||||
var err error
|
||||
var res bool
|
||||
res = true
|
||||
return res, err
|
||||
}
|
||||
Reference in New Issue
Block a user