package middleware
import (
"fmt"
"net/http"
"strconv"
"github.com/dgrijalva/jwt-go"
"github.com/ethicnology/uqac-851-software-engineering-api/database/model"
"goyave.dev/goyave/v3"
"goyave.dev/goyave/v3/config"
"goyave.dev/goyave/v3/database"
)
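// Owner is a middleware that only lets the request through when the user
// identified by the "userid" claim of the Bearer JWT matches the "email"
// route parameter. On success it stores the matching user's ID and email in
// request.Extra["UserID"] and request.Extra["UserEmail"] for the next
// handlers; on any failure it answers 403 Forbidden and stops the chain.
func Owner(next goyave.Handler) goyave.Handler {
	return func(response *goyave.Response, request *goyave.Request) {
		email := request.Params["email"]

		// No Bearer token at all: nothing to compare the route param against.
		tokenString, hasToken := request.BearerToken()
		if !hasToken {
			response.Status(http.StatusForbidden)
			return
		}

		// Verify the signature. The key function pins the algorithm family so a
		// token signed with another method (or "none") is rejected by the parser.
		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
			}
			return []byte(config.GetString("auth.jwt.secret")), nil
		})
		// jwt.Parse decodes the claims before it verifies the signature, so the
		// claims of a rejected token are caller-controlled: the error and
		// token.Valid must both be checked before any claim is trusted. A
		// malformed token can also come back as a nil *Token, which would
		// otherwise panic on the Claims access below.
		if err != nil || token == nil || !token.Valid {
			response.Status(http.StatusForbidden)
			return
		}

		claims, ok := token.Claims.(jwt.MapClaims)
		if !ok {
			response.Status(http.StatusForbidden)
			return
		}
		// The claim must be a string equal to the route param; any other type
		// (or a missing claim) is treated as "not the owner".
		userID, ok := claims["userid"].(string)
		if !ok || userID != email {
			response.Status(http.StatusForbidden)
			return
		}

		user := model.User{}
		if err := database.Conn().Where("email = ?", userID).First(&user).Error; err != nil {
			// A verified token for a user that does not exist: refuse instead of
			// continuing with a zero ID that downstream lookups could misuse.
			response.Status(http.StatusForbidden)
			return
		}
		request.Extra["UserID"] = user.ID
		request.Extra["UserEmail"] = user.Email
		next(response, request) // Pass to the next handler
	}
}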
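// BankOwner is a middleware that only lets the request through when the bank
// named by the "bank_id" route parameter belongs to the user stored in
// request.Extra["UserID"] (set by Owner, which must run earlier in the chain).
// On success it stores the bank's ID in request.Extra["BankID"]; on any
// failure it answers 403 Forbidden and does not call the next handler.
func BankOwner(next goyave.Handler) goyave.Handler {
	return func(response *goyave.Response, request *goyave.Request) {
		// A non-numeric or zero id must not be silently turned into 0: GORM
		// drops zero-valued fields from a struct-based Where, so ID: 0 would
		// remove the id condition from the query entirely.
		id, err := strconv.ParseUint(request.Params["bank_id"], 10, 64)
		if err != nil || id == 0 {
			response.Status(http.StatusForbidden)
			return
		}

		// Checked assertion: without Owner in the chain the key is absent and a
		// bare assertion would panic. A zero user id is refused for the same
		// reason as the zero bank id above (the condition would be dropped).
		userID, ok := request.Extra["UserID"].(uint64)
		if !ok || userID == 0 {
			response.Status(http.StatusForbidden)
			return
		}

		bank := model.Bank{}
		if err := database.Conn().Where(&model.Bank{ID: id, UserID: userID}).First(&bank).Error; err != nil {
			// Stop the chain here; the original fell through to next() after
			// setting 403, letting the handler run for a bank the user does not own.
			response.Status(http.StatusForbidden)
			return
		}
		request.Extra["BankID"] = bank.ID
		next(response, request) // Pass to the next handler
	}
}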