mirror of
https://github.com/h44z/wg-portal.git
synced 2025-12-14 10:36:18 +00:00
initial commit
This commit is contained in:
Christoph Haas
51
internal/server/routes.go
Normal file
51
internal/server/routes.go
Normal file
@@ -0,0 +1,51 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func SetupRoutes(s *Server) {
|
||||
// Startpage
|
||||
s.server.GET("/", s.GetIndex)
|
||||
|
||||
// Auth routes
|
||||
auth := s.server.Group("/auth")
|
||||
auth.GET("/login", s.GetLogin)
|
||||
auth.POST("/login", s.PostLogin)
|
||||
auth.GET("/logout", s.GetLogout)
|
||||
|
||||
// Admin routes
|
||||
admin := s.server.Group("/admin")
|
||||
admin.Use(s.RequireAuthentication(s.config.AdminLdapGroup))
|
||||
admin.GET("/", s.GetAdminIndex)
|
||||
|
||||
// User routes
|
||||
user := s.server.Group("/user")
|
||||
user.Use(s.RequireAuthentication("")) // empty scope = all logged in users
|
||||
}
|
||||
|
||||
func (s *Server) RequireAuthentication(scope string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
session := s.getSessionData(c)
|
||||
|
||||
if !session.LoggedIn {
|
||||
// Abort the request with the appropriate error code
|
||||
c.Abort()
|
||||
c.Redirect(http.StatusSeeOther, s.config.AuthRoutePrefix+"/login?err=loginreq")
|
||||
return
|
||||
}
|
||||
|
||||
if scope != "" && !s.ldapUsers.IsInGroup(session.UserName, s.config.AdminLdapGroup) && // admins always have access
|
||||
!s.ldapUsers.IsInGroup(session.UserName, scope) {
|
||||
// Abort the request with the appropriate error code
|
||||
c.Abort()
|
||||
s.HandleError(c, http.StatusUnauthorized, "unauthorized", "not enough permissions")
|
||||
return
|
||||
}
|
||||
|
||||
// Continue down the chain to handler etc
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user