From b63dff90e69e746d7c3fd5a7ce886d89895ec39e Mon Sep 17 00:00:00 2001
From: Arda Serdar Pektezol <1669855+pektezol@users.noreply.github.com>
Date: Thu, 27 Oct 2022 15:19:48 +0300
Subject: change middleware directory
---
 backend/middleware/auth.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++
 backend/routes/routes.go | 2 +-
 middleware/auth.go | 56 ----------------------------------------------
 3 files changed, 57 insertions(+), 57 deletions(-)
 create mode 100644 backend/middleware/auth.go
 delete mode 100644 middleware/auth.go
diff --git a/backend/middleware/auth.go b/backend/middleware/auth.go
new file mode 100644
index 0000000..ccd9c22
--- /dev/null
+++ b/backend/middleware/auth.go
@@ -0,0 +1,56 @@
+package middleware
+
+import (
+ "fmt"
+ "log"
+ "net/http"
+ "os"
+ "time"
+
+ "github.com/gin-gonic/gin"
+ "github.com/golang-jwt/jwt/v4"
+ "github.com/pektezol/leastportals/backend/database"
+ "github.com/pektezol/leastportals/backend/models"
+)
+
+func RequireAuth(c *gin.Context) {
+ // Get auth cookie
+ tokenString, err := c.Cookie("auth")
+ if err != nil {
+ log.Println("RequireAuth: Err getting cookie")
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+ // Validate token
+ token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+ if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+ return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+ }
+ return []byte(os.Getenv("SECRET_KEY")), nil
+ })
+ if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+ // Check exp
+ if float64(time.Now().Unix()) > claims["exp"].(float64) {
+ log.Println("RequireAuth: Token expired")
+ c.AbortWithStatus(http.StatusUnauthorized) // Expired
+ return
+ }
+ // Get user from DB
+ var user models.User
+ database.DB.QueryRow(`SELECT * FROM users WHERE steam_id = $1;`, claims["sub"]).Scan(
+ &user.SteamID, &user.Username, &user.AvatarLink, &user.CountryCode,
+ &user.CreatedAt, &user.UpdatedAt, &user.UserType)
+ if user.SteamID == 0 {
+ log.Println("RequireAuth: No user found on database")
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+ // Attach user to request
+ c.Set("user", user)
+ c.Next()
+ } else {
+ log.Println("RequireAuth: Invalid token")
+ c.AbortWithStatus(http.StatusUnauthorized)
+ return
+ }
+}
diff --git a/backend/routes/routes.go b/backend/routes/routes.go
index 9088eb3..51df115 100644
--- a/backend/routes/routes.go
+++ b/backend/routes/routes.go
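Review bot: The `err` returned on the `token, err := jwt.Parse(tokenString, ...)` line is never checked before `token.Claims` is read on the next statement; for a malformed `auth` cookie the library may hand back a nil token, so a corrupted or crafted cookie panics the middleware (gin's recovery turns that into a 500) instead of yielding a clean 401. Add `if err != nil { log.Println("RequireAuth: Invalid token"); c.AbortWithStatus(http.StatusUnauthorized); return }` directly after the parse, before the claims assertion. The single-value assertion `claims["exp"].(float64)` has the same failure mode if a correctly signed token carries no `exp` claim or a non-numeric one; use `exp, ok := claims["exp"].(float64)` and abort with 401 when `!ok`, treating a missing `exp` as invalid. The `Scan` error from `database.DB.QueryRow` is also discarded, so a database failure is logged as "No user found on database" — checking that error separately keeps outages distinguishable from unknown users. This file is moved rather than new, so these defects predate the commit, but the new-side code is what lands under `backend/middleware`.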
@@ -7,7 +7,7 @@ import (
 "github.com/gin-contrib/sessions/cookie"
 "github.com/gin-gonic/gin"
 "github.com/pektezol/leastportals/backend/controllers"
- "github.com/pektezol/leastportals/middleware"
+ "github.com/pektezol/leastportals/backend/middleware"
 )
 
 func InitRoutes(router *gin.Engine) {
diff --git a/middleware/auth.go b/middleware/auth.go
deleted file mode 100644
index ccd9c22..0000000
--- a/middleware/auth.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package middleware
-
-import (
- "fmt"
- "log"
- "net/http"
- "os"
- "time"
-
- "github.com/gin-gonic/gin"
- "github.com/golang-jwt/jwt/v4"
- "github.com/pektezol/leastportals/backend/database"
- "github.com/pektezol/leastportals/backend/models"
-)
-
-func RequireAuth(c *gin.Context) {
- // Get auth cookie
- tokenString, err := c.Cookie("auth")
- if err != nil {
- log.Println("RequireAuth: Err getting cookie")
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- }
- // Validate token
- token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
- if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
- return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
- }
- return []byte(os.Getenv("SECRET_KEY")), nil
- })
- if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
- // Check exp
- if float64(time.Now().Unix()) > claims["exp"].(float64) {
- log.Println("RequireAuth: Token expired")
- c.AbortWithStatus(http.StatusUnauthorized) // Expired
- return
- }
- // Get user from DB
- var user models.User
- database.DB.QueryRow(`SELECT * FROM users WHERE steam_id = $1;`, claims["sub"]).Scan(
- &user.SteamID, &user.Username, &user.AvatarLink, &user.CountryCode,
- &user.CreatedAt, &user.UpdatedAt, &user.UserType)
- if user.SteamID == 0 {
- log.Println("RequireAuth: No user found on database")
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- }
- // Attach user to request
- c.Set("user", user)
- c.Next()
- } else {
- log.Println("RequireAuth: Invalid token")
- c.AbortWithStatus(http.StatusUnauthorized)
- return
- }
-}
-- cgit v1.2.3