1
0
Fork 0
forked from goffee/cup
cup/hooks/auth-check.go

148 lines
3.5 KiB
Go
Raw Normal View History

2024-09-15 20:19:30 -04:00
package hooks
2024-09-12 19:15:38 -04:00
import (
"errors"
"net/http"
2024-09-30 10:17:24 -04:00
"os"
"strconv"
2024-09-12 19:15:38 -04:00
"strings"
"git.smarteching.com/goffee/core"
"git.smarteching.com/goffee/cup/models"
"git.smarteching.com/goffee/cup/utils"
"gorm.io/gorm"
)
2024-09-30 10:17:24 -04:00
var CheckSessionCookie core.Hook = func(c *core.Context) {
pass := true
token := ""
usercookie, err := c.GetCookie()
if err != nil {
}
token = usercookie.Token
2024-09-12 19:15:38 -04:00
if token == "" {
2024-09-30 10:17:24 -04:00
pass = false
} else {
payload, err := c.GetJWT().DecodeToken(token)
if err != nil {
pass = false
} else {
userAgent := c.GetUserAgent()
hashedCacheKey := utils.CreateAuthTokenHashedCacheKey(uint(c.CastToInt(payload["userID"])), userAgent)
cachedToken, err := c.GetCache().Get(hashedCacheKey)
if err != nil {
pass = false
} else if cachedToken != token {
pass = false
} else {
var user models.User
res := c.GetGorm().Where("id = ?", payload["userID"]).First(&user)
if res.Error != nil && !errors.Is(res.Error, gorm.ErrRecordNotFound) {
pass = false
}
}
}
}
// if have session redirect protected page
if pass {
c.Response.Redirect("/appsample").ForceSendResponse()
2024-09-12 19:15:38 -04:00
return
}
2024-09-30 10:17:24 -04:00
c.Next()
}
var AuthCheck core.Hook = func(c *core.Context) {
// check if template engine is enable
TemplateEnableStr := os.Getenv("TEMPLATE_ENABLE")
if TemplateEnableStr == "" {
TemplateEnableStr = "false"
}
TemplateEnable, _ := strconv.ParseBool(TemplateEnableStr)
token := ""
if TemplateEnable {
usercookie, err := c.GetCookie()
if err != nil {
}
token = usercookie.Token
if token == "" {
c.Response.Redirect("/applogin").ForceSendResponse()
return
}
} else {
tokenRaw := c.GetHeader("Authorization")
token = strings.TrimSpace(strings.Replace(tokenRaw, "Bearer", "", 1))
if token == "" {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
return
}
}
2024-09-12 19:15:38 -04:00
payload, err := c.GetJWT().DecodeToken(token)
if err != nil {
2024-09-30 10:17:24 -04:00
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
2024-09-12 19:15:38 -04:00
return
}
userAgent := c.GetUserAgent()
hashedCacheKey := utils.CreateAuthTokenHashedCacheKey(uint(c.CastToInt(payload["userID"])), userAgent)
cachedToken, err := c.GetCache().Get(hashedCacheKey)
if err != nil {
// user signed out
2024-09-30 10:17:24 -04:00
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
2024-09-12 19:15:38 -04:00
return
}
if cachedToken != token {
// using old token replaced with new one after recent signin
2024-09-30 10:17:24 -04:00
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusUnauthorized).Json(c.MapToJson(map[string]interface{}{
"message": "unauthorized",
})).ForceSendResponse()
}
2024-09-12 19:15:38 -04:00
return
}
var user models.User
res := c.GetGorm().Where("id = ?", payload["userID"]).First(&user)
if res.Error != nil && !errors.Is(res.Error, gorm.ErrRecordNotFound) {
// error with the database
c.GetLogger().Error(res.Error.Error())
2024-09-30 10:17:24 -04:00
if TemplateEnable {
c.Response.Redirect("/applogin").ForceSendResponse()
} else {
c.Response.SetStatusCode(http.StatusInternalServerError).Json(c.MapToJson(map[string]interface{}{
"message": "internal error",
})).ForceSendResponse()
}
2024-09-12 19:15:38 -04:00
return
}
c.Next()
}