package middleware
import (
"net/http"
"os"
"strings"
"github.com/gin-gonic/gin"
accountModels "goaresv3/app/accounts/models"
"goaresv3/config"
jwtHelper "goaresv3/pkg/jwt"
)
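// AuthRequired validates the Bearer access token carried in the Authorization
// header and injects its claims into the request context.
//
// On success the handler stores the claim fields under the context keys
// "user_id", "email" and "username" and calls c.Next(). A missing or malformed
// header, an empty token, or a token that jwtHelper.ValidateToken rejects
// aborts the request with 401. An unset JWT_SECRET aborts with 500 so that a
// token is never verified against an empty key.
func AuthRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		header := c.GetHeader("Authorization")
		if !strings.HasPrefix(header, "Bearer ") {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "authorization header missing or malformed"})
			return
		}

		// Trim surrounding whitespace so a stray space after "Bearer " is not
		// passed to the validator; an empty token is a malformed header.
		tokenStr := strings.TrimSpace(strings.TrimPrefix(header, "Bearer "))
		if tokenStr == "" {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "authorization header missing or malformed"})
			return
		}

		// Fail closed: an unset secret must never be used as the verification key.
		secret := os.Getenv("JWT_SECRET")
		if secret == "" {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "server authentication is not configured"})
			return
		}

		claims, err := jwtHelper.ValidateToken(tokenStr, secret)
		if err != nil {
			// The validator's error is deliberately not echoed to the client.
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid or expired access token"})
			return
		}

		// NOTE(review): AdminRequired reads "user_id" back with c.GetUint, so
		// claims.UserID is assumed to be a uint — confirm in pkg/jwt.
		c.Set("user_id", claims.UserID)
		c.Set("email", claims.Email)
		c.Set("username", claims.UserName)
		c.Next()
	}
}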
// AdminRequired checks whether the authenticated user has admin privileges.
//
// It expects AuthRequired to have run first and stored the caller's id under
// the "user_id" context key. The is_admin flag is read from the database on
// every request rather than taken from anything stored in the token.
// Responses: 401 when no user id is present or the user cannot be loaded,
// 500 when config.DB is nil, 403 when the user is not an admin.
func AdminRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		// GetUint yields 0 both when the key is absent and when it holds a
		// non-uint value, so this assumes AuthRequired stored a uint.
		uid := c.GetUint("user_id")

		switch {
		case uid == 0:
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			return
		case config.DB == nil:
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "database is not connected"})
			return
		}

		// Only the two columns needed for the decision are loaded.
		var account accountModels.User
		lookupErr := config.DB.Select("id", "is_admin").First(&account, uid).Error
		if lookupErr != nil {
			// NOTE(review): every lookup error, including a transient database
			// failure, is reported as 401 here; distinguishing not-found from
			// other errors would let infrastructure failures surface as 500.
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid user"})
			return
		}

		isAdmin := account.IsAdmin != nil && *account.IsAdmin
		if !isAdmin {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "admin role required"})
			return
		}

		c.Next()
	}
}