naise_pos/api/middleware.go

package api

import (
	"errors"
	"fmt"
	"net/http"
	"strings"

	"git.nochill.in/nochill/naice_pos/token"
	"github.com/gin-gonic/gin"
)

const (
	authorizationHeaderKey  = "authorization"
	authorizationTypeBearer = "bearer"
	authorizationPayloadKey = "authorization_payload"
)

func authMiddleware(tokenMaker token.Maker) gin.HandlerFunc {
	return func(ctx *gin.Context) {
		authorizationHeader := ctx.GetHeader(authorizationHeaderKey)
		if len(authorizationHeader) == 0 {
			err := errors.New("authorization header is not provided")
			ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))
			return
		}

		fields := strings.Fields(authorizationHeader)
		if len(fields) < 2 {
			err := errors.New("Invalid authorization header format")
			ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))
			return
		}

		authorizationType := strings.ToLower(fields[0])
		if authorizationType != authorizationTypeBearer {
			err := fmt.Errorf("Authorization only accept bearer type")
			ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))
		}

		accessToken := fields[1]
		payload, err := tokenMaker.VerifyToken(accessToken)
		if err != nil {
			ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))
			return
		}

		ctx.Set(authorizationPayloadKey, payload)
		ctx.Next()
	}
}
add middlweare and authorization 2023-03-15 15:00:36 +07:00			`package api`

			`import (`
			`"errors"`
			`"fmt"`
			`"net/http"`
			`"strings"`

			`"git.nochill.in/nochill/naice_pos/token"`
			`"github.com/gin-gonic/gin"`
			`)`

			`const (`
			`authorizationHeaderKey = "authorization"`
			`authorizationTypeBearer = "bearer"`
			`authorizationPayloadKey = "authorization_payload"`
			`)`

			`func authMiddleware(tokenMaker token.Maker) gin.HandlerFunc {`
			`return func(ctx *gin.Context) {`
			`authorizationHeader := ctx.GetHeader(authorizationHeaderKey)`
			`if len(authorizationHeader) == 0 {`
			`err := errors.New("authorization header is not provided")`
add sale order 2023-03-22 12:06:09 +07:00			`ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))`
add middlweare and authorization 2023-03-15 15:00:36 +07:00			`return`
			`}`

			`fields := strings.Fields(authorizationHeader)`
			`if len(fields) < 2 {`
			`err := errors.New("Invalid authorization header format")`
add sale order 2023-03-22 12:06:09 +07:00			`ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))`
add middlweare and authorization 2023-03-15 15:00:36 +07:00			`return`
			`}`

			`authorizationType := strings.ToLower(fields[0])`
			`if authorizationType != authorizationTypeBearer {`
			`err := fmt.Errorf("Authorization only accept bearer type")`
add sale order 2023-03-22 12:06:09 +07:00			`ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))`
add middlweare and authorization 2023-03-15 15:00:36 +07:00			`}`

			`accessToken := fields[1]`
			`payload, err := tokenMaker.VerifyToken(accessToken)`
			`if err != nil {`
add sale order 2023-03-22 12:06:09 +07:00			`ctx.AbortWithStatusJSON(http.StatusUnauthorized, errorResponse(err, ""))`
add middlweare and authorization 2023-03-15 15:00:36 +07:00			`return`
			`}`

			`ctx.Set(authorizationPayloadKey, payload)`
			`ctx.Next()`
			`}`
			`}`