saasitone/pkg/middleware/auth.go

106 lines
3.1 KiB
Go
Raw Permalink Normal View History

2021-12-12 14:04:11 -08:00
package middleware
import (
2024-07-11 21:09:15 -07:00
"errors"
"fmt"
2021-12-12 14:04:11 -08:00
"net/http"
"strconv"
2021-12-12 14:04:11 -08:00
"github.com/labstack/echo/v4"
2024-07-09 17:57:05 -07:00
"git.grosinger.net/tgrosinger/saasitone/pkg/context"
2024-07-11 21:09:15 -07:00
"git.grosinger.net/tgrosinger/saasitone/pkg/models/sqlc"
2024-07-09 17:57:05 -07:00
"git.grosinger.net/tgrosinger/saasitone/pkg/msg"
"git.grosinger.net/tgrosinger/saasitone/pkg/services"
2021-12-12 14:04:11 -08:00
)
2021-12-21 17:29:15 -08:00
// LoadAuthenticatedUser loads the authenticated user, if one, and stores in context
2021-12-18 07:07:12 -08:00
func LoadAuthenticatedUser(authClient *services.AuthClient) echo.MiddlewareFunc {
2021-12-12 14:04:11 -08:00
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
u, err := authClient.GetAuthenticatedUser(c)
2024-07-11 21:09:15 -07:00
if err != nil && !errors.Is(err, services.NotAuthenticatedError{}) {
return echo.NewHTTPError(
http.StatusInternalServerError,
fmt.Sprintf("error querying for authenticated user: %v", err),
)
2024-07-11 21:09:15 -07:00
} else if u != nil {
c.Set(context.AuthenticatedUserKey, u)
2021-12-12 14:04:11 -08:00
}
return next(c)
}
}
}
2021-12-21 17:29:15 -08:00
// LoadValidPasswordToken loads a valid password token entity that matches the user and token
// provided in path parameters
// If the token is invalid, the user will be redirected to the forgot password route
// This requires that the user owning the token is loaded in to context
2021-12-18 07:07:12 -08:00
func LoadValidPasswordToken(authClient *services.AuthClient) echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
2021-12-21 17:29:15 -08:00
// Extract the user parameter
if c.Get(context.UserKey) == nil {
2021-12-21 17:29:15 -08:00
return echo.NewHTTPError(http.StatusInternalServerError)
}
2024-07-11 21:09:15 -07:00
usr := c.Get(context.UserKey).(*sqlc.User)
// Extract the token ID
tokenID, err := strconv.Atoi(c.Param("password_token"))
if err != nil {
return echo.NewHTTPError(http.StatusNotFound)
}
// Attempt to load a valid password token
token, err := authClient.GetValidPasswordToken(
c,
usr.ID,
tokenID,
c.Param("token"),
)
switch err.(type) {
case nil:
2021-12-21 17:29:15 -08:00
c.Set(context.PasswordTokenKey, token)
return next(c)
2021-12-18 07:07:12 -08:00
case services.InvalidPasswordTokenError:
msg.Warning(c, "The link is either invalid or has expired. Please request a new one.")
// TODO use the const for route name
return c.Redirect(http.StatusFound, c.Echo().Reverse("forgot_password"))
default:
return echo.NewHTTPError(
http.StatusInternalServerError,
fmt.Sprintf("error loading password token: %v", err),
)
}
}
}
}
2021-12-21 17:29:15 -08:00
// RequireAuthentication requires that the user be authenticated in order to proceed
2021-12-12 14:04:11 -08:00
func RequireAuthentication() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if u := c.Get(context.AuthenticatedUserKey); u == nil {
2021-12-21 17:29:15 -08:00
return echo.NewHTTPError(http.StatusUnauthorized)
2021-12-12 14:04:11 -08:00
}
return next(c)
}
}
}
2021-12-21 17:29:15 -08:00
// RequireNoAuthentication requires that the user not be authenticated in order to proceed
2021-12-12 14:04:11 -08:00
func RequireNoAuthentication() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if u := c.Get(context.AuthenticatedUserKey); u != nil {
2021-12-21 17:29:15 -08:00
return echo.NewHTTPError(http.StatusForbidden)
2021-12-12 14:04:11 -08:00
}
return next(c)
}
}
}