package server
import (
"log"
"net/http"
"github.com/dgrijalva/jwt-go"
"github.com/dgrijalva/jwt-go/request"
"github.com/emicklei/go-restful"
"github.com/linkernetworks/logger"
"github.com/linkernetworks/vortex/src/entity"
response "github.com/linkernetworks/vortex/src/net/http"
"github.com/linkernetworks/vortex/src/server/backend"
)
// globalLogging is a go-restful filter that writes the HTTP method and the
// request URL to the info log, then hands the request to the next filter.
//
// NOTE(review): the URL is logged as received, query string included; if any
// client passes credentials or tokens as query parameters they will end up in
// the log — confirm against the API's callers.
func globalLogging(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	r := req.Request
	logger.Infof("%s %s", r.Method, r.URL)

	chain.ProcessFilter(req, resp)
}
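// validateTokenMiddleware is a go-restful filter that authenticates a request
// by the JWT carried in its Authorization header.
//
// The token is verified with the shared secret backend.SecretKey. On success
// the "sub" and "role" claims are stored as the "UserID" and "Role" request
// attributes and the rest of the chain runs; otherwise the request is answered
// with 401 Unauthorized and the chain is not continued.
//
// NOTE(review): the default claim validation in this JWT library does not
// require an "exp" claim, so a token issued without one never expires —
// confirm the issuer always sets an expiry.
// NOTE(review): github.com/dgrijalva/jwt-go is no longer maintained upstream;
// github.com/golang-jwt/jwt is the community continuation.
func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	token, err := request.ParseFromRequest(req.Request, request.AuthorizationHeaderExtractor,
		func(token *jwt.Token) (interface{}, error) {
			// Pin the algorithm family before releasing the key: the "alg"
			// header is chosen by whoever built the token, and the shared
			// secret must only ever be used as an HMAC key.
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, jwt.ErrSignatureInvalid
			}
			return []byte(backend.SecretKey), nil
		})
	if err != nil {
		// Keep the parser's reason (missing, malformed, expired, bad
		// signature) in the log so failed attempts can be told apart; the
		// client still gets the same generic message.
		logger.Infof("Unauthorized access to this resource: %v", err)
		resp.WriteHeaderAndEntity(http.StatusUnauthorized,
			response.ActionResponse{
				Error:   true,
				Message: "Unauthorized access to this resource",
			})
		return
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		resp.WriteHeaderAndEntity(http.StatusUnauthorized,
			response.ActionResponse{
				Error:   true,
				Message: "Token is invalid",
			})
		return
	}

	// Expose identity and role to downstream filters. Both values come from
	// decoded JSON and are stored untyped; consumers must not assume they are
	// present or that they are strings.
	req.SetAttribute("UserID", claims["sub"])
	req.SetAttribute("Role", claims["role"])
	chain.ProcessFilter(req, resp)
}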
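// rootRole is a go-restful filter that lets the request continue only when
// the "Role" request attribute equals entity.RootRole; every other request is
// answered with 403 Forbidden.
//
// The attribute is set by validateTokenMiddleware from the token's "role"
// claim, so this filter must run after it. The value may be absent (filter
// installed without the token middleware, or a token with no role claim) or
// not a string, so the type assertion uses the comma-ok form: an unchecked
// assertion would panic on such a request instead of denying it cleanly.
func rootRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	role, ok := req.Attribute("Role").(string)
	if !ok || role != entity.RootRole {
		log.Printf("User has no root role: Forbidden")
		resp.WriteHeaderAndEntity(http.StatusForbidden,
			response.ActionResponse{
				Error:   true,
				Message: "Permission denied",
			})
		return
	}
	chain.ProcessFilter(req, resp)
}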
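// userRole is a go-restful filter that lets the request continue when the
// "Role" request attribute is entity.RootRole or entity.UserRole; every other
// request is answered with 403 Forbidden.
//
// The attribute is set by validateTokenMiddleware from the token's "role"
// claim, so this filter must run after it. The value may be absent or not a
// string, so the type assertion uses the comma-ok form: an unchecked assertion
// would panic on such a request instead of denying it cleanly.
func userRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	role, ok := req.Attribute("Role").(string)
	allowed := ok && (role == entity.RootRole || role == entity.UserRole)
	if !allowed {
		log.Printf("User has no user role: Forbidden")
		resp.WriteHeaderAndEntity(http.StatusForbidden,
			response.ActionResponse{
				Error:   true,
				Message: "Permission denied",
			})
		return
	}
	chain.ProcessFilter(req, resp)
}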
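// guestRole is a go-restful filter that lets the request continue when the
// "Role" request attribute is entity.RootRole, entity.UserRole or
// entity.GuestRole; every other request is answered with 403 Forbidden.
//
// The attribute is set by validateTokenMiddleware from the token's "role"
// claim, so this filter must run after it. The value may be absent or not a
// string, so the type assertion uses the comma-ok form: an unchecked assertion
// would panic on such a request instead of denying it cleanly.
func guestRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	role, ok := req.Attribute("Role").(string)
	allowed := ok &&
		(role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole)
	if !allowed {
		log.Printf("User has no guest role: Forbidden")
		resp.WriteHeaderAndEntity(http.StatusForbidden,
			response.ActionResponse{
				Error:   true,
				Message: "Permission denied",
			})
		return
	}
	chain.ProcessFilter(req, resp)
}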