Tested ABAC
This commit is contained in:
parent
01da5ec2ee
commit
fac1b30bf4
@ -3,13 +3,19 @@ package globalrules
|
||||
import (
|
||||
"enshi/auth"
|
||||
"enshi/global"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func AuthorizedRule(c *gin.Context) (bool, error) {
|
||||
tokenFromCookies := c.Request.CookiesNamed("auth_cookie")[0].Value
|
||||
cookies := c.Request.CookiesNamed("auth_cookie")
|
||||
if len(cookies) == 0 {
|
||||
return false, fmt.Errorf("no cookies provided")
|
||||
}
|
||||
|
||||
tokenFromCookies := cookies[0].Value
|
||||
cookieClimes, err := auth.ValidateToken(tokenFromCookies)
|
||||
if err != nil {
|
||||
c.IndentedJSON(http.StatusUnauthorized, gin.H{"error auth": err.Error()})
|
||||
|
||||
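Review bot: The invalid-token path, `c.IndentedJSON(http.StatusUnauthorized, gin.H{"error auth": err.Error()})`, writes a 401 body from inside the rule, while the new missing-cookie path returns `fmt.Errorf("no cookies provided")` and writes nothing, so whichever caller turns a rule error into a response (DeleteRule in this commit just propagates it) will answer twice on one path and once on the other. Return an error from both paths and let the middleware that runs the rules produce the single 401, e.g. `return false, fmt.Errorf("invalid auth token: %w", err)`, so the response is written in exactly one layer. Echoing `err.Error()` from auth.ValidateToken to the client also tells a caller why a forged or expired token was rejected; log that detail server-side and send a fixed message instead. `cookies[0]` silently takes the first of possibly several `auth_cookie` cookies, which is acceptable but deserves a one-line comment. AuthorizedRule's body continues past the end of the hunk, so what follows the IndentedJSON call is not visible here.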
@ -1,6 +1,7 @@
|
||||
package postRules
|
||||
|
||||
import (
|
||||
globalrules "enshi/ABAC/globalRules"
|
||||
"enshi/middleware/checkRole"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
@ -8,6 +9,14 @@ import (
|
||||
|
||||
// Only owner or admin can delete post
|
||||
func DeleteRule(c *gin.Context) (bool, error) {
|
||||
// Sender should be authorized
|
||||
isAuthorized, err := globalrules.AuthorizedRule(c)
|
||||
if err != nil {
|
||||
return false, err
|
||||
} else if !isAuthorized {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
isOwner, err := checkRole.IsOwnerOfThePost(c)
|
||||
if err != nil {
|
||||
return false, err
|
||||
|
||||
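Review bot: `} else if !isAuthorized {` follows a branch that already returns, so the `else` only pushes the happy path right; write the two checks as separate guard clauses, `if err != nil { return false, err }` then `if !isAuthorized { return false, nil }`. The rule now also returns a plain error for a missing cookie (from `globalrules.AuthorizedRule`) in the same shape as a failure in `checkRole.IsOwnerOfThePost`; if the caller maps every rule error to one status code, an unauthenticated request and an internal lookup failure become indistinguishable to the client, so consider a sentinel error the middleware can map to 401 for the authentication case. DeleteRule continues past the hunk, so the owner-or-admin decision after `isOwner` is not visible here.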
@ -1,6 +1,7 @@
|
||||
package postRules
|
||||
|
||||
import (
|
||||
globalrules "enshi/ABAC/globalRules"
|
||||
"enshi/middleware/checkRole"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
@ -8,6 +9,14 @@ import (
|
||||
|
||||
// Only owner of the post can change it
|
||||
func PostUpdateRule(c *gin.Context) (bool, error) {
|
||||
// Sender should be authorized
|
||||
isAuthorized, err := globalrules.AuthorizedRule(c)
|
||||
if err != nil {
|
||||
return false, err
|
||||
} else if !isAuthorized {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
isOwner, err := checkRole.IsOwnerOfThePost(c)
|
||||
if err != nil {
|
||||
return false, err
|
||||
|
||||
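Review bot: The authentication prologue here, `isAuthorized, err := globalrules.AuthorizedRule(c)` plus the two branches after it, is a verbatim copy of the one this commit adds to DeleteRule, and every further rule in this package will need the same lines. Either run AuthorizedRule once in the middleware that dispatches these rules (PostsMiddleware, judging by the routes change in this commit) before any per-route rule, or move the three statements into a helper in globalrules that each rule calls first, so that a rule which forgets the check cannot silently allow anonymous writes. If the middleware already performs that check, the copy here is dead code and should be removed. PostUpdateRule's body continues beyond the hunk, so the ownership decision after `isOwner` is not shown.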
@ -36,24 +36,27 @@ func SetupRotes(g *gin.Engine) error {
|
||||
"users",
|
||||
authRoutes.RegisterUser,
|
||||
)
|
||||
freeGroup.GET(
|
||||
"posts/:post-id",
|
||||
postsRoutes.GetPost,
|
||||
)
|
||||
|
||||
// Auth group routes
|
||||
authGroup := g.Group("/")
|
||||
authGroup.Use(middleware.AuthMiddleware())
|
||||
|
||||
authGroup.PUT(
|
||||
postsGroup := g.Group("/")
|
||||
postsGroup.Use(middleware.PostsMiddleware())
|
||||
|
||||
postsGroup.GET(
|
||||
"posts/:post-id",
|
||||
postsRoutes.GetPost,
|
||||
)
|
||||
postsGroup.PUT(
|
||||
"posts/:post-id",
|
||||
postsRoutes.UpdatePost,
|
||||
)
|
||||
authGroup.POST(
|
||||
postsGroup.POST(
|
||||
"posts",
|
||||
postsRoutes.CreatePost,
|
||||
)
|
||||
authGroup.DELETE(
|
||||
postsGroup.DELETE(
|
||||
"posts/:post-id",
|
||||
postsRoutes.DeletePost,
|
||||
)
|
||||
|
||||
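Review bot: `postsGroup.GET("posts/:post-id", postsRoutes.GetPost)` registers a route that `freeGroup.GET("posts/:post-id", postsRoutes.GetPost)` earlier in this function appears to register as well; if freeGroup is mounted at the same `/` prefix and that earlier line survives the commit (this rendering does not make it certain), gin panics at startup with "handlers are already registered for path", so one of the two registrations has to go. Replacing `middleware.AuthMiddleware()` with `middleware.PostsMiddleware()` also means `POST posts` -> `postsRoutes.CreatePost` is now protected only if PostsMiddleware has a rule for that route and rejects requests when no rule matches; a rule set keyed by post id has no obvious entry for a create, so confirm that an unmatched route fails closed rather than passing through. The function name `SetupRotes` (its header is outside the hunk) reads as a typo for `SetupRoutes`. The function starts before and ends after this hunk.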