update
This commit is contained in:
@@ -2,6 +2,11 @@ Name: Blog
|
||||
Host: 0.0.0.0
|
||||
Port: 8888
|
||||
|
||||
JWT:
|
||||
Secret: your-secret-key-change-in-production
|
||||
Issuer: cialloo-authenticator
|
||||
ExpiresIn: 604800 # 7 days in seconds
|
||||
|
||||
Database:
|
||||
DSN: "${DATABASE_DSN}" # postgres: host=localhost port=5432 user=postgres password=your_password dbname=steam_union sslmode=disable
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ type Config struct {
|
||||
rest.RestConf
|
||||
Database DatabaseConfig
|
||||
S3 S3Config
|
||||
JWT JWTConfig
|
||||
}
|
||||
|
||||
type DatabaseConfig struct {
|
||||
@@ -20,3 +21,9 @@ type S3Config struct {
|
||||
Endpoint string `json:",optional"` // Optional: for S3-compatible services
|
||||
PresignedURLExpiration int64 `json:",default=3600"` // Default 1 hour
|
||||
}
|
||||
|
||||
type JWTConfig struct {
|
||||
Secret string
|
||||
Issuer string
|
||||
ExpiresIn int64
|
||||
}
|
||||
|
||||
@@ -2,8 +2,10 @@ package middleware
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"git.cialloo.com/CiallooWeb/Blog/app/internal/config"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
)
|
||||
|
||||
type SuperAdminAuthMiddleware struct {
|
||||
@@ -14,11 +16,62 @@ func NewSuperAdminAuthMiddleware(c config.Config) *SuperAdminAuthMiddleware {
|
||||
return &SuperAdminAuthMiddleware{Config: c}
|
||||
}
|
||||
|
||||
type Claims struct {
|
||||
SteamID string `json:"steamId"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
func (m *SuperAdminAuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// TODO generate middleware implement function, delete after code implementation
|
||||
// Get Authorization header
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
http.Error(w, "Missing authorization header", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Passthrough to next handler if need
|
||||
// Check Bearer token format
|
||||
parts := strings.SplitN(authHeader, " ", 2)
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
http.Error(w, "Invalid authorization header format", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
tokenString := parts[1]
|
||||
|
||||
// Parse and validate JWT token
|
||||
claims := &Claims{}
|
||||
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
|
||||
// Validate signing method
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, jwt.ErrSignatureInvalid
|
||||
}
|
||||
return []byte(m.Config.JWT.Secret), nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, "Invalid token: "+err.Error(), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
if !token.Valid {
|
||||
http.Error(w, "Invalid token", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Validate issuer
|
||||
if claims.Issuer != m.Config.JWT.Issuer {
|
||||
http.Error(w, "Invalid token issuer", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Check if user is super admin (steamId must be "1234567")
|
||||
if claims.SteamID != "1234567" {
|
||||
http.Error(w, "Forbidden: Super admin access required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
// Passthrough to next handler if authenticated and authorized
|
||||
next(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user