package middleware
import (
"net/http"
"strconv"
"goweb/auth"
"goweb/context"
"goweb/ent"
"goweb/msg"
"github.com/labstack/echo/v4"
)
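// LoadAuthenticatedUser returns middleware that asks authClient for the user
// authenticated on the current request and, when the lookup succeeds, stores
// that user in the request context under context.AuthenticatedUserKey.
//
// The middleware never rejects a request: the next handler runs whatever the
// lookup returns. Only a nil error populates the context key, so every failure
// (including an unexpected lookup error) leaves the request looking
// unauthenticated. RequireAuthentication then refuses such a request, while
// RequireNoAuthentication lets it through.
func LoadAuthenticatedUser(authClient *auth.Client) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			u, err := authClient.GetAuthenticatedUser(c)

			// The type switch inspects the concrete error type only; an error
			// that wraps one of these types falls through to default.
			// NOTE(review): confirm authClient returns these errors unwrapped.
			switch err.(type) {
			case *ent.NotFoundError:
				c.Logger().Debug("auth user not found")
			case auth.NotAuthenticatedError:
				// No authenticated user on this request; nothing to load.
			case nil:
				c.Set(context.AuthenticatedUserKey, u)
				// Infof, not Info: the message carries a %d verb, which Info
				// would print literally instead of substituting the user ID.
				c.Logger().Infof("auth user loaded in to context: %d", u.ID)
			default:
				c.Logger().Errorf("error querying for authenticated user: %v", err)
			}

			return next(c)
		}
	}
}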
// LoadValidPasswordToken returns middleware that reads the "user" and
// "password_token" route parameters, asks authClient to validate the token for
// that user ID, and on success stores the returned token in the request context
// under context.PasswordTokenKey before calling the next handler.
//
// Outcomes when the request is not passed on:
//   - a non-numeric "user" parameter yields 404 Not Found;
//   - auth.InvalidTokenError sets a warning message and redirects (302) to the
//     "forgot_password" route;
//   - any other error is logged and answered with a generic 500, so the error
//     detail is not sent to the client.
//
// NOTE(review): the token travels as a URL path parameter, so it can end up in
// request logs and similar places that record URLs. Confirm those are handled
// accordingly.
func LoadValidPasswordToken(authClient *auth.Client) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		handler := func(c echo.Context) error {
			// The user ID is taken from the route, not from the session.
			userID, convErr := strconv.Atoi(c.Param("user"))
			if convErr != nil {
				return echo.NewHTTPError(http.StatusNotFound, "Not found")
			}

			token, err := authClient.GetValidPasswordToken(c, c.Param("password_token"), userID)
			if err != nil {
				// Matches the concrete error type only; anything else is
				// treated as an internal failure.
				switch err.(type) {
				case auth.InvalidTokenError:
					msg.Warning(c, "The link is either invalid or has expired. Please request a new one.")
					return c.Redirect(http.StatusFound, c.Echo().Reverse("forgot_password"))
				default:
					c.Logger().Error(err)
					return echo.NewHTTPError(http.StatusInternalServerError, "Internal server error")
				}
			}

			c.Set(context.PasswordTokenKey, token)
			return next(c)
		}
		return handler
	}
}
// RequireAuthentication returns middleware that only lets a request through
// when context.AuthenticatedUserKey holds a non-nil value; otherwise it answers
// 401 Unauthorized.
//
// The check reads the context only. In this file the key is populated by
// LoadAuthenticatedUser, so that middleware has to run earlier in the chain;
// without it every request is rejected.
func RequireAuthentication() echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		guard := func(c echo.Context) error {
			if c.Get(context.AuthenticatedUserKey) != nil {
				return next(c)
			}
			return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
		}
		return guard
	}
}
// RequireNoAuthentication returns middleware that only lets a request through
// when context.AuthenticatedUserKey is unset (nil); a request that carries an
// authenticated user is answered with 403 Forbidden.
//
// The check reads the context only. If nothing populated the key earlier in the
// chain (in this file that is LoadAuthenticatedUser), every request counts as
// unauthenticated and passes.
func RequireNoAuthentication() echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		guard := func(c echo.Context) error {
			if c.Get(context.AuthenticatedUserKey) == nil {
				return next(c)
			}
			return echo.NewHTTPError(http.StatusForbidden, "Forbidden")
		}
		return guard
	}
}