package authorization
import (
"errors"
"net/http"
"github.com/notherealmarco/WASAPhoto/service/api/helpers"
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
"github.com/notherealmarco/WASAPhoto/service/database"
"github.com/sirupsen/logrus"
)
// BuildAuth parses the raw Authorization header value and returns the
// reqcontext.Authorization implementation built from it. Only the scheme
// handled by BuildBearer is tried.
//
// When BuildBearer fails with the message "invalid authorization header",
// the error is replaced with "authentication method not supported"; any
// other error is passed through unchanged.
//
// NOTE(review): the replacement is keyed on the exact text of BuildBearer's
// error. If that message is ever reworded this branch silently stops
// matching and callers receive the raw error instead. A sentinel error
// checked with errors.Is would make the coupling explicit; confirm against
// BuildBearer before changing.
func BuildAuth(header string) (reqcontext.Authorization, error) {
	bearer, err := BuildBearer(header)
	if err == nil {
		return bearer, nil
	}
	if err.Error() != "invalid authorization header" {
		return nil, err
	}
	// The header is not in the form BuildBearer accepts, and no other
	// scheme is attempted here.
	return nil, errors.New("authentication method not supported")
}
// SendAuthorizationError runs the authorization check f for uid and reports
// whether the request may proceed. When the check does not pass, it sends
// the matching response through w and returns false; the caller is expected
// to stop handling the request at that point. It returns true without
// sending anything otherwise.
//
// Responses sent:
//   - f returns an error: helpers.SendInternalError with "Authorization error"
//   - UNAUTHORIZED: http.StatusUnauthorized
//   - FORBIDDEN: http.StatusForbidden
//   - USER_NOT_FOUND: notFoundStatus, chosen by the caller
//
// NOTE(review): this is a deny-list. Every AuthStatus other than the three
// listed above is treated as success, so a status added to reqcontext later
// would be let through by default. Comparing against the explicit success
// value would make the check fail closed; confirm which constant reqcontext
// defines for it.
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool {
	status, err := f(db, uid)
	if err != nil {
		// The check itself failed, so no authorization decision was reached.
		// NOTE(review): verify that helpers.SendInternalError does not echo
		// err to the client.
		helpers.SendInternalError(err, "Authorization error", w, l)
		return false
	}

	switch status {
	case reqcontext.UNAUTHORIZED:
		// The token is not valid.
		helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
	case reqcontext.FORBIDDEN:
		// The user is not authorized for this action.
		helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l)
	case reqcontext.USER_NOT_FOUND:
		// The action targets a user that does not exist.
		helpers.SendStatus(notFoundStatus, w, "User not found", l)
	default:
		return true
	}
	return false
}
// SendErrorIfNotLoggedIn runs the token validation function f and reports
// whether the caller is logged in. When f returns an error it sends an
// internal error through w; when f returns UNAUTHORIZED it sends
// http.StatusUnauthorized. In both cases it returns false and the caller is
// expected to stop handling the request. Otherwise it returns true without
// sending anything.
//
// NOTE(review): only UNAUTHORIZED is rejected. Any other AuthStatus that f
// might return, FORBIDDEN and USER_NOT_FOUND included, counts as logged in
// here. Presumably f only ever yields a success value or UNAUTHORIZED;
// verify against the validators passed in.
func SendErrorIfNotLoggedIn(f func(db database.AppDatabase) (reqcontext.AuthStatus, error), db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger) bool {
	status, err := f(db)
	if err != nil {
		// Validation could not be completed, so no decision was reached.
		helpers.SendInternalError(err, "Authorization error", w, l)
		return false
	}

	if status != reqcontext.UNAUTHORIZED {
		return true
	}

	// The token is not valid.
	helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
	return false
}