authorArda Serdar Pektezol <1669855+pektezol@users.noreply.github.com>2024-10-31 22:06:00 +0300
committerArda Serdar Pektezol <1669855+pektezol@users.noreply.github.com>2024-10-31 22:06:00 +0300
commit4210c9b38f9053f6720a6bebaadefd24c542eaa9 (patch)
tree5b0061e23cf91291ed9e5f387766148d45103591 /backend/api/auth.go
parentchore: change repo name to lphub (diff)
backend: better auth check, audit logging
Diffstat (limited to 'backend/api/auth.go')
-rw-r--r--backend/api/auth.go19
1 files changed, 13 insertions, 6 deletions
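--- a/backend/api/auth.go
+++ b/backend/api/auth.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"fmt"
+	"net/http"
 	"os"
 	"time"
 
@@ -12,7 +13,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 )
 
-func CheckAuth(c *gin.Context) {
+func IsAuthenticated(c *gin.Context) {
 	tokenString := c.GetHeader("Authorization")
 	// Validate token
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
@@ -22,17 +23,17 @@ func CheckAuth(c *gin.Context) {
 		return []byte(os.Getenv("SECRET_KEY")), nil
 	})
 	if token == nil {
-		c.Next()
+		c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Token is nil."))
 		return
 	}
 	if err != nil {
-		c.Next()
+		c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Token is invalid."))
 		return
 	}
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
 		// Check exp
 		if float64(time.Now().Unix()) > claims["exp"].(float64) {
-			c.Next()
+			c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Token expired."))
 			return
 		}
 		// Get user from DB
@@ -41,7 +42,7 @@ func CheckAuth(c *gin.Context) {
 			&user.SteamID, &user.UserName, &user.AvatarLink,
 			&user.CountryCode, &user.CreatedAt, &user.UpdatedAt)
 		if user.SteamID == "" {
-			c.Next()
+			c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Token does not match a user."))
 			return
 		}
 		// Get user titles from DB
@@ -56,11 +57,17 @@ func CheckAuth(c *gin.Context) {
 			}
 			user.Titles = append(user.Titles, title)
 		}
+		// Set user id variable in db session for audit logging
+		_, err = database.DB.Exec(fmt.Sprintf("SET app.user_id = '%s';", user.SteamID))
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Session failed to start."))
+			return
+		}
 		c.Set("user", user)
 		c.Set("mod", moderator)
 		c.Next()
 	} else {
-		c.Next()
+		c.AbortWithStatusJSON(http.StatusOK, models.ErrorResponse("Token is invalid."))
 		return
 	}
 }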
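Review bot: The `SET app.user_id` at new line 61 is executed through `database.DB.Exec`, which, if `database.DB` is a `*sql.DB` pool, runs it on an arbitrary pooled connection: the handler's later queries may land on a different connection (audit rows with no user id), and the session variable stays on the connection it did hit until it is closed, so a later request by a different user can be attributed to this SteamID in the audit log. Scoping it to the request's own transaction, e.g. `tx.Exec("SELECT set_config('app.user_id', $1, true)", user.SteamID)` and handing `tx` to the handler via `c.Set`, or holding a dedicated `DB.Conn` for the request, keeps the attribution per-request; using `set_config` with a bound parameter also removes the `fmt.Sprintf` string-built SQL (the `$1` form assumes Postgres, which the `app.*` custom setting suggests). Separately, every rejection added in this commit answers with `http.StatusOK`, so clients and proxies cannot tell a rejected token from success; `http.StatusUnauthorized` is the conventional code for these branches. `IsAuthenticated` spans the four lower hunks, with unchanged lines between them not shown here.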