mirror of
https://github.com/h44z/wg-portal.git
synced 2025-04-19 08:55:12 +00:00
8b820a5adf
Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com>
86 lines
2.1 KiB
Go
86 lines
2.1 KiB
Go
package handlers
|
|
|
|
import (
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/h44z/wg-portal/internal/app"
|
|
"github.com/h44z/wg-portal/internal/app/api/v0/model"
|
|
"github.com/h44z/wg-portal/internal/domain"
|
|
"net/http"
|
|
)
|
|
|
|
type Scope string
|
|
|
|
const (
|
|
ScopeAdmin Scope = "ADMIN" // Admin scope contains all other scopes
|
|
ScopeSwagger Scope = "SWAGGER"
|
|
ScopeUser Scope = "USER"
|
|
)
|
|
|
|
type authenticationHandler struct {
|
|
app *app.App
|
|
Session SessionStore
|
|
}
|
|
|
|
// LoggedIn checks if a user is logged in. If scopes are given, they are validated as well.
|
|
func (h authenticationHandler) LoggedIn(scopes ...Scope) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
session := h.Session.GetData(c)
|
|
|
|
if !session.LoggedIn {
|
|
// Abort the request with the appropriate error code
|
|
c.Abort()
|
|
c.JSON(http.StatusUnauthorized, model.Error{Code: http.StatusUnauthorized, Message: "not logged in"})
|
|
return
|
|
}
|
|
|
|
if !UserHasScopes(session, scopes...) {
|
|
// Abort the request with the appropriate error code
|
|
c.Abort()
|
|
c.JSON(http.StatusForbidden, model.Error{Code: http.StatusForbidden, Message: "not enough permissions"})
|
|
return
|
|
}
|
|
|
|
// Check if logged-in user is still valid
|
|
if !h.app.Authenticator.IsUserValid(c.Request.Context(), domain.UserIdentifier(session.UserIdentifier)) {
|
|
h.Session.DestroyData(c)
|
|
c.Abort()
|
|
c.JSON(http.StatusUnauthorized, model.Error{Code: http.StatusUnauthorized, Message: "session no longer available"})
|
|
return
|
|
}
|
|
|
|
c.Set(domain.CtxUserInfo, &domain.ContextUserInfo{
|
|
Id: domain.UserIdentifier(session.UserIdentifier),
|
|
IsAdmin: session.IsAdmin,
|
|
})
|
|
|
|
// Continue down the chain to handler etc
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func UserHasScopes(session SessionData, scopes ...Scope) bool {
|
|
// No scopes give, so the check should succeed
|
|
if len(scopes) == 0 {
|
|
return true
|
|
}
|
|
|
|
// check if user has admin scope
|
|
if session.IsAdmin {
|
|
return true
|
|
}
|
|
|
|
// Check if admin scope is required
|
|
for _, scope := range scopes {
|
|
if scope == ScopeAdmin {
|
|
return false
|
|
}
|
|
}
|
|
|
|
// For all other scopes, a logged-in user is sufficient (for now)
|
|
if session.LoggedIn {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|