henry/Volleyball
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a6c3a86e3607c5ef7edc1f15e445132769d3a69
Volleyball/backend/internal/auth/middleware.go

80 lines
2.1 KiB
Go
Raw Blame History

package auth
import (
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
func contains(slice []string, item string) bool {
for _, s := range slice {
if s == item {
return true
}
}
return false
}
func AuthMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if !strings.HasPrefix(authHeader, "Bearer ") {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Missing token"})
return
}
tokenStr := strings.TrimPrefix(authHeader, "Bearer ")
claims, err := ParseJWT(tokenStr)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
return
}
c.Set("userId", claims.UserID)
c.Set("email", claims.Email)
c.Set("role", claims.Role)
c.Next()
}
}
func AuthorizeJWT(requiredRole string) gin.HandlerFunc {
return func(c *gin.Context) {
//A. Token aus Header holen
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization Header fehlt"})
return
}
// "Bearer " entfernen
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
if tokenString == authHeader {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token Format muss 'Bearer <token>' sein"})
return
}
claims, err := ParseJWT(tokenString)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token ungültig oder abgelaufen"})
}
// --- NEUE LOGIK ---
// Wir prüfen: Hat der User die geforderte Rolle ODER ist er "admin"?
// (Angenommen "admin" darf alles. Falls nicht, entferne den "admin"-Check)
userHasRequiredRole := contains(claims.Role, requiredRole)
userIsAdmin := contains(claims.Role, "admin")
if !userHasRequiredRole && !userIsAdmin {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Keine Berechtigung"})
return
}
// User und Rollen im Context speichern (als Interface{}, daher später casten)
c.Set("userId", claims.UserID)
c.Set("email", claims.Email)
c.Set("role", claims.Role)
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink