feature: adding new environment variables

LerianStudio · Mar 5, 2025 · b0df5bb · b0df5bb
1 parent ffb2008
commit b0df5bb
Showing 1 changed file with 47 additions and 46 deletions.
diff --git a/auth/middleware/middleware.go b/auth/middleware/middleware.go
@@ -1,19 +1,20 @@
 package middleware
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/gofiber/fiber/v2"
 )
 
 type AuthClient struct {
 	AuthAddress string
+	AuthEnabled bool
 }
 
 type AuthResponse struct {
@@ -24,64 +25,64 @@ type AuthResponse struct {
 // Authorize is a middleware function for the Fiber framework that checks if a user is authorized to perform a specific action on a resource.
 // It sends a POST request to the authorization service with the subject, resource, and action details.
 // If the user is authorized, the request is passed to the next handler; otherwise, a 403 Forbidden status is returned.
-//
-// Parameters:
-//   - sub: The subject (user) identifier.
-//   - resource: The resource the user wants to access.
-//   - action: The action the user wants to perform on the resource.
-//
-// Returns:
-//   - fiber.Handler: A Fiber handler function that performs the authorization check.
-func (auth *AuthClient) Authorize(sub string, resource string, action string) fiber.Handler {
-	return func(c *fiber.Ctx) error {
-		client := http.Client{}
+func (auth *AuthClient) Authorize(sub, resource, action string) fiber.Handler {
+	if auth.AuthAddress == "" || !auth.AuthEnabled {
+		return func(c *fiber.Ctx) error {
+			return c.Next()
+		}
+	}
 
+	return func(c *fiber.Ctx) error {
 		accessToken := c.Get("Authorization")
 
-		reqBody := strings.NewReader(fmt.Sprintf(`{
-				"sub": "%s",
-				"resource": "%s",
-				"action": "%s"
-			}`, fmt.Sprintf("lerian/%s_role", sub), resource, action))
-
-		req, err := http.NewRequest(http.MethodPost, auth.AuthAddress+"/v1/authorize", reqBody)
-		if err != nil {
-			log.Printf("Failed to create request: %v", err)
-			return err
+		if authorized, err := auth.checkAuthorization(sub, resource, action, accessToken); err != nil {
+			log.Printf("Authorization request failed: %v", err)
+			return c.Status(http.StatusInternalServerError).SendString("Internal Server Error")
+		} else if authorized {
+			return c.Next()
 		}
 
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("Authorization", accessToken)
+		return c.Status(http.StatusForbidden).SendString("Forbidden")
+	}
+}
 
-		resp, err := client.Do(req)
-		if err != nil {
-			log.Printf("Failed to make request: %v", err)
+// checkAuthorization sends an authorization request to the external service and returns whether the action is authorized.
+func (auth *AuthClient) checkAuthorization(sub, resource, action, accessToken string) (bool, error) {
+	client := &http.Client{}
 
-			return err
-		}
+	requestBody, err := json.Marshal(map[string]string{
+		"sub":      fmt.Sprintf("lerian/%s_role", sub),
+		"resource": resource,
+		"action":   action,
+	})
 
-		defer resp.Body.Close()
+	if err != nil {
+		return false, fmt.Errorf("failed to marshal request body: %w", err)
+	}
 
-		body, err := io.ReadAll(resp.Body)
-		if err != nil {
-			log.Printf("Failed to read response body: %v", err)
-			return err
-		}
+	req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/v1/authorize", auth.AuthAddress), bytes.NewBuffer(requestBody))
+	if err != nil {
+		return false, fmt.Errorf("failed to create request: %w", err)
+	}
 
-		response := &AuthResponse{}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", accessToken)
 
-		err = json.Unmarshal(body, &response)
-		if err != nil {
-			log.Printf("Failed to unmarshal response: %v", err)
-			return err
-		}
+	resp, err := client.Do(req)
+	if err != nil {
+		return false, fmt.Errorf("failed to make request: %w", err)
+	}
+	defer resp.Body.Close()
 
-		if response.Authorized {
-			return c.Next()
-		} else {
-			return c.Status(http.StatusForbidden).SendString("Forbidden")
-		}
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, fmt.Errorf("failed to read response body: %w", err)
+	}
 
+	var response AuthResponse
+	if err := json.Unmarshal(body, &response); err != nil {
+		return false, fmt.Errorf("failed to unmarshal response: %w", err)
 	}
 
+	return response.Authorized, nil
 }