package actions
// TODO REVIEW REQUIRED
import (
"net/http"
"strings"
"github.com/gobuffalo/buffalo"
"github.com/gobuffalo/uuid"
"github.com/hyeoncheon/uart/models"
)
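// LoginAsTester is a test-only helper middleware that simulates the result of
// the authentication callback. When ENV is "test" it loads the most recently
// updated member whose mobile number starts with "20" and copies that member's
// identity and roles into the session, so later handlers see a signed-in user.
//
// The ENV comparison is the only gate on this authentication bypass: in any
// other environment the middleware is a pass-through. Keep that check strict
// and mount the middleware only where a simulated login is acceptable.
func LoginAsTester(next buffalo.Handler) buffalo.Handler {
	return func(c buffalo.Context) error {
		if ENV != "test" {
			return next(c)
		}

		member := &models.Member{}
		err := models.DB.Where("mobile LIKE '20%'").Order("updated_at desc").First(member)
		if err != nil {
			// Best effort: without a tester record the request simply
			// continues unauthenticated, but the reason is now visible.
			c.Logger().Debug("LoginAsTester: tester lookup failed: ", err)
			return next(c)
		}
		if member.ID == uuid.Nil {
			return next(c)
		}

		// NOTE(review): this writes the whole member record to the log;
		// confirm that is acceptable for the data used in test runs.
		c.Logger().Info("### ------ LoginAsTester: ", member)

		sess := c.Session()
		sess.Set("member_id", member.ID)
		sess.Set("member_name", member.Name)
		sess.Set("member_mail", member.Email)
		sess.Set("member_icon", member.Icon)
		sess.Set("member_roles", member.GetAppRoleCodes(models.ACUART))
		c.Flash().Add("danger", "TEST AUTHENTICATED")
		return next(c)
	}
}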
// AuthenticateHandler guards application pages. A request whose session holds
// no "member_id" is redirected to /login with a flash message, and the
// requested URI is remembered in the session under "origin"; every other
// request is passed to next.
func AuthenticateHandler(next buffalo.Handler) buffalo.Handler {
	return func(c buffalo.Context) error {
		if c.Session().Get("member_id") != nil {
			return next(c)
		}

		// NOTE(review): RequestURI is the client-supplied request target and
		// is stored and logged unmodified. Whatever later redirects to
		// "origin" should accept only a local path - confirm at the consumer.
		uri := c.Request().RequestURI
		c.Session().Set("origin", uri)
		c.Logger().Warn("unauthorized access to ", uri)
		c.Flash().Add("danger", t(c, "login.required"))
		return c.Redirect(http.StatusFound, "/login")
	}
}
// contextHandler populates the request context for every page, public pages
// included. It copies the member fields from the session, derives the role
// flags ("role_<code>" and "member_is_admin") from the session's
// "member_roles", and sets the theme, brand name and language.
//
// Because it reads the session, it must run after the authentication handler.
// Roles are taken from the session as stored; they are not re-queried here.
func contextHandler(next buffalo.Handler) buffalo.Handler {
	return func(c buffalo.Context) error {
		sess := c.Session()

		if id := sess.Get("member_id"); id != nil {
			c.Set("member_id", id)
			for _, key := range []string{"member_name", "member_mail", "member_icon", "member_roles"} {
				c.Set(key, sess.Get(key))
			}
		}

		// Default every flag to false so later lookups never see nil and an
		// absent role reads as "not granted".
		for _, flag := range []string{"member_is_admin", "role_appman", "role_userman", "role_user"} {
			c.Set(flag, false)
		}

		// A "member_roles" value that is not a []string grants nothing.
		roles, ok := sess.Get("member_roles").([]string)
		if ok {
			c.Logger().Debug("storing roles on context: ", roles)
			for _, code := range roles {
				c.Set("role_"+code, true)
				if code == models.RCAdmin {
					c.Set("member_is_admin", true)
				}
			}
		}

		c.Set("theme", "default")
		c.Set("brand_name", brandName)
		c.Set("lang", languageSelector(c))
		return next(c)
	}
}
// adminHandler restricts the wrapped handler to administrators. It reads the
// "member_is_admin" context value (set by contextHandler in this file); on
// success it switches the theme to "admin" and calls next, otherwise it
// records an access violation and redirects to "/".
func adminHandler(next buffalo.Handler) buffalo.Handler {
	return func(c buffalo.Context) error {
		isAdmin, ok := c.Value("member_is_admin").(bool)
		if ok && isAdmin {
			c.Set("theme", "admin")
			return next(c)
		}

		// Fails closed: a missing or non-bool flag is treated as "not admin".
		c.Flash().Add("danger", t(c, "staff.only"))
		mLogErr(c, MsgFacSecu, "access violation: %v by %v",
			c.Value("current_path"), currentMember(c))
		return c.Redirect(http.StatusFound, "/")
	}
}
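// roleBasedLockHandler enforces per-section role requirements for members who
// are not administrators. The first segment of the current path is looked up
// in a small table of required role codes; when the section is listed and the
// matching "role_<code>" context flag is not true, the request is redirected
// to "/" with a flash message. Sections that are not listed are not
// restricted by this handler, and administrators skip the check entirely.
func roleBasedLockHandler(next buffalo.Handler) buffalo.Handler {
	return func(c buffalo.Context) error {
		if isAdmin, ok := c.Value("member_is_admin").(bool); ok && isAdmin {
			return next(c)
		}

		// A missing or non-string "current_path" used to panic on the type
		// assertion; fall back to the request's own URL path instead.
		path, ok := c.Value("current_path").(string)
		if !ok {
			path = c.Request().URL.Path
		}

		// Take the first non-empty segment. Trimming every leading slash
		// avoids the out-of-range index on a path without "/" and keeps a
		// path with repeated leading slashes matched against the table.
		pos := strings.SplitN(strings.TrimLeft(path, "/"), "/", 2)[0]

		perms := map[string]string{
			"apps":  models.RCAppMan,
			"roles": models.RCAppMan,
		}
		required := perms[pos]
		if required == "" {
			return next(c)
		}

		// Same fail-closed test as the admin flag: anything other than a
		// bool true counts as "not granted".
		if granted, ok := c.Value("role_" + required).(bool); !ok || !granted {
			c.Logger().Warnf("%v has no permission for %v",
				currentMember(c), pos)
			c.Flash().Add("danger", t(c, "you.dont.have.permission"))
			return c.Redirect(http.StatusFound, "/")
		}
		c.Logger().Infof("user aquires permission %v for %v.", required, pos)
		return next(c)
	}
}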
//helpers
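// languageSelector picks the page language from the request's Accept-Language
// header. It returns the first header entry that matches a supported language
// and falls back to the first supported language when nothing matches.
//
// The result is always one of the supported tags in its canonical spelling;
// the header value itself is never returned. Quality values (";q=") are
// dropped, so entries are tried in header order rather than by weight.
func languageSelector(c buffalo.Context) string {
	// quick and dirty static ordered list of supported languages
	supportedLangs := []string{"ko-KR", "en-US"}

	header := c.Request().Header.Get("Accept-Language")
	for _, item := range strings.Split(header, ",") {
		// Entries are commonly separated by ", ", so trim the blanks that
		// previously prevented every entry after the first from matching.
		tag := strings.TrimSpace(strings.SplitN(item, ";", 2)[0])
		for _, sl := range supportedLangs {
			// Language tags compare case-insensitively.
			if strings.EqualFold(sl, tag) {
				return sl
			}
		}
	}
	return supportedLangs[0]
}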