mirror of
https://git.rwth-aachen.de/acs/public/villas/web-backend-go/
synced 2025-03-30 00:00:12 +01:00
98 lines
2.8 KiB
Go
98 lines
2.8 KiB
Go
/** User package, middleware.
|
|
*
|
|
* @author Sonja Happ <sonja.happ@eonerc.rwth-aachen.de>
|
|
* @copyright 2014-2019, Institute for Automation of Complex Power Systems, EONERC
|
|
* @license GNU General Public License (version 3)
|
|
*
|
|
* VILLASweb-backend-go
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*********************************************************************************/
|
|
package user
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"git.rwth-aachen.de/acs/public/villas/web-backend-go/configuration"
|
|
"git.rwth-aachen.de/acs/public/villas/web-backend-go/database"
|
|
"git.rwth-aachen.de/acs/public/villas/web-backend-go/helper"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/dgrijalva/jwt-go/request"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func claimsToContext(c *gin.Context, claims jwt.MapClaims) error {
|
|
userID, ok := claims["id"].(float64)
|
|
if !ok {
|
|
return fmt.Errorf("Authentication failed (claims casting)")
|
|
}
|
|
|
|
var user User
|
|
|
|
err := user.byID(uint(userID))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
c.Set(database.UserRoleCtx, user.Role)
|
|
c.Set(database.UserIDCtx, uint(userID))
|
|
|
|
return nil
|
|
}
|
|
|
|
func isAuthenticated(c *gin.Context) (bool, error) {
|
|
// Authentication's access token extraction
|
|
token, err := request.ParseFromRequest(c.Request,
|
|
request.MultiExtractor{
|
|
request.AuthorizationHeaderExtractor,
|
|
request.ArgumentExtractor{"token"},
|
|
},
|
|
func(token *jwt.Token) (interface{}, error) {
|
|
// Validate alg for signing the jwt
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("Unexpected signing alg: %v",
|
|
token.Header["alg"])
|
|
}
|
|
|
|
// Return secret in byte format
|
|
secret, _ := configuration.GlobalConfig.String("jwt.secret")
|
|
return []byte(secret), nil
|
|
})
|
|
|
|
// If the authentication extraction fails return HTTP code 401
|
|
if err != nil {
|
|
return false, fmt.Errorf("Authentication failed (claims extraction: %s)", err)
|
|
}
|
|
|
|
// If the token is ok, pass user id to context
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
|
err = claimsToContext(c, claims)
|
|
if err != nil {
|
|
return false, fmt.Errorf("Authentication failed (claims casting: %s)", err)
|
|
}
|
|
}
|
|
|
|
return true, nil
|
|
}
|
|
|
|
func Authentication() gin.HandlerFunc {
|
|
|
|
return func(c *gin.Context) {
|
|
ok, err := isAuthenticated(c)
|
|
if !ok || err != nil {
|
|
helper.UnauthorizedAbort(c, err.Error())
|
|
}
|
|
}
|
|
}
|