103 lines
2.9 KiB
Go
103 lines
2.9 KiB
Go
|
package middleware
|
||
|
|
|
||
|
|
import (
|
||
|
|
"bytes"
|
||
|
|
"io"
|
||
|
|
"net/http"
|
||
|
|
"strings"
|
||
|
|
|
||
|
|
"github.com/flatrender/payment-svc/internal/db"
|
||
|
|
"github.com/flatrender/payment-svc/internal/models"
|
||
|
|
"github.com/flatrender/payment-svc/internal/signing"
|
||
|
|
"github.com/gin-gonic/gin"
|
||
|
|
"github.com/golang-jwt/jwt/v5"
|
||
|
|
)
|
||
|
|
|
||
|
|
const (
|
||
|
|
CtxIsAdmin = "is_admin"
|
||
|
|
CtxClient = "client_app"
|
||
|
|
CtxRawBody = "raw_body"
|
||
|
|
)
|
||
|
|
|
||
|
|
// JWTAuth validates a FlatRender identity JWT (same secret) for admin endpoints.
|
||
|
|
func JWTAuth(secret string) gin.HandlerFunc {
|
||
|
|
return func(c *gin.Context) {
|
||
|
|
hdr := c.GetHeader("Authorization")
|
||
|
|
if !strings.HasPrefix(hdr, "Bearer ") {
|
||
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "missing bearer token"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
token, err := jwt.Parse(hdr[7:], func(t *jwt.Token) (interface{}, error) {
|
||
|
|
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
||
|
|
return nil, jwt.ErrSignatureInvalid
|
||
|
|
}
|
||
|
|
return []byte(secret), nil
|
||
|
|
})
|
||
|
|
if err != nil || !token.Valid {
|
||
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "invalid token"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
claims, _ := token.Claims.(jwt.MapClaims)
|
||
|
|
isAdmin := false
|
||
|
|
switch v := claims["is_admin"].(type) {
|
||
|
|
case bool:
|
||
|
|
isAdmin = v
|
||
|
|
case string:
|
||
|
|
isAdmin = v == "true"
|
||
|
|
}
|
||
|
|
c.Set(CtxIsAdmin, isAdmin)
|
||
|
|
c.Next()
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func RequireAdmin() gin.HandlerFunc {
|
||
|
|
return func(c *gin.Context) {
|
||
|
|
v, _ := c.Get(CtxIsAdmin)
|
||
|
|
if b, _ := v.(bool); !b {
|
||
|
|
c.AbortWithStatusJSON(http.StatusForbidden, models.APIError{Code: "forbidden", Message: "admin required"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
c.Next()
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
// ClientAuth authenticates a client site by API key + HMAC body signature.
|
||
|
|
//
|
||
|
|
// X-Api-Key: the client's public key
|
||
|
|
// X-Signature: hex( HMAC-SHA256(client.secret, raw_request_body) )
|
||
|
|
//
|
||
|
|
// The verified ClientApp and the raw body are stashed in the gin context.
|
||
|
|
func ClientAuth(store *db.Store) gin.HandlerFunc {
|
||
|
|
return func(c *gin.Context) {
|
||
|
|
apiKey := c.GetHeader("X-Api-Key")
|
||
|
|
if apiKey == "" {
|
||
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "missing X-Api-Key"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
client, err := store.GetClientByAPIKey(c.Request.Context(), apiKey)
|
||
|
|
if err != nil {
|
||
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "unknown or inactive api key"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
raw, _ := io.ReadAll(c.Request.Body)
|
||
|
|
c.Request.Body = io.NopCloser(bytes.NewReader(raw)) // restore for the handler
|
||
|
|
|
||
|
|
sig := c.GetHeader("X-Signature")
|
||
|
|
if sig == "" || !signing.Verify(client.Secret, raw, sig) {
|
||
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "bad_signature", Message: "invalid request signature"})
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
c.Set(CtxClient, client)
|
||
|
|
c.Set(CtxRawBody, raw)
|
||
|
|
c.Next()
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func GetClient(c *gin.Context) *models.ClientApp {
|
||
|
|
v, _ := c.Get(CtxClient)
|
||
|
|
cl, _ := v.(*models.ClientApp)
|
||
|
|
return cl
|
||
|
|
}
|