From b0df5bb9a79fa9e5161348ea6df2c93442f20391 Mon Sep 17 00:00:00 2001 From: Jefferson Rodrigues Date: Wed, 5 Mar 2025 13:13:51 -0300 Subject: [PATCH] feature: adding new environment variables --- auth/middleware/middleware.go | 93 ++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 46 deletions(-) diff --git a/auth/middleware/middleware.go b/auth/middleware/middleware.go index 7a988ec..1558dc4 100644 --- a/auth/middleware/middleware.go +++ b/auth/middleware/middleware.go @@ -1,12 +1,12 @@ package middleware import ( + "bytes" "encoding/json" "fmt" "io" "log" "net/http" - "strings" "time" "github.com/gofiber/fiber/v2" @@ -14,6 +14,7 @@ import ( type AuthClient struct { AuthAddress string + AuthEnabled bool } type AuthResponse struct { @@ -24,64 +25,64 @@ type AuthResponse struct { // Authorize is a middleware function for the Fiber framework that checks if a user is authorized to perform a specific action on a resource. // It sends a POST request to the authorization service with the subject, resource, and action details. // If the user is authorized, the request is passed to the next handler; otherwise, a 403 Forbidden status is returned. -// -// Parameters: -// - sub: The subject (user) identifier. -// - resource: The resource the user wants to access. -// - action: The action the user wants to perform on the resource. -// -// Returns: -// - fiber.Handler: A Fiber handler function that performs the authorization check. -func (auth *AuthClient) Authorize(sub string, resource string, action string) fiber.Handler { - return func(c *fiber.Ctx) error { - client := http.Client{} +func (auth *AuthClient) Authorize(sub, resource, action string) fiber.Handler { + if auth.AuthAddress == "" || !auth.AuthEnabled { + return func(c *fiber.Ctx) error { + return c.Next() + } + } + return func(c *fiber.Ctx) error { accessToken := c.Get("Authorization") - reqBody := strings.NewReader(fmt.Sprintf(`{ - "sub": "%s", - "resource": "%s", - "action": "%s" - }`, fmt.Sprintf("lerian/%s_role", sub), resource, action)) - - req, err := http.NewRequest(http.MethodPost, auth.AuthAddress+"/v1/authorize", reqBody) - if err != nil { - log.Printf("Failed to create request: %v", err) - return err + if authorized, err := auth.checkAuthorization(sub, resource, action, accessToken); err != nil { + log.Printf("Authorization request failed: %v", err) + return c.Status(http.StatusInternalServerError).SendString("Internal Server Error") + } else if authorized { + return c.Next() } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", accessToken) + return c.Status(http.StatusForbidden).SendString("Forbidden") + } +} - resp, err := client.Do(req) - if err != nil { - log.Printf("Failed to make request: %v", err) +// checkAuthorization sends an authorization request to the external service and returns whether the action is authorized. +func (auth *AuthClient) checkAuthorization(sub, resource, action, accessToken string) (bool, error) { + client := &http.Client{} - return err - } + requestBody, err := json.Marshal(map[string]string{ + "sub": fmt.Sprintf("lerian/%s_role", sub), + "resource": resource, + "action": action, + }) - defer resp.Body.Close() + if err != nil { + return false, fmt.Errorf("failed to marshal request body: %w", err) + } - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Printf("Failed to read response body: %v", err) - return err - } + req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/v1/authorize", auth.AuthAddress), bytes.NewBuffer(requestBody)) + if err != nil { + return false, fmt.Errorf("failed to create request: %w", err) + } - response := &AuthResponse{} + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", accessToken) - err = json.Unmarshal(body, &response) - if err != nil { - log.Printf("Failed to unmarshal response: %v", err) - return err - } + resp, err := client.Do(req) + if err != nil { + return false, fmt.Errorf("failed to make request: %w", err) + } + defer resp.Body.Close() - if response.Authorized { - return c.Next() - } else { - return c.Status(http.StatusForbidden).SendString("Forbidden") - } + body, err := io.ReadAll(resp.Body) + if err != nil { + return false, fmt.Errorf("failed to read response body: %w", err) + } + var response AuthResponse + if err := json.Unmarshal(body, &response); err != nil { + return false, fmt.Errorf("failed to unmarshal response: %w", err) } + return response.Authorized, nil }