lot of new functionalities

core/utils/identification/groups.go

@@ -0,0 +1,75 @@
+package identification
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	groupsmanagement "git.coopgo.io/coopgo-platform/groups-management/grpcapi"
+	"github.com/rs/zerolog/log"
+)
+
+const GroupKey ContextKey = "group"
+const RolesKey ContextKey = "roles"
+
+func (p *IdentificationProvider) GroupsMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		claims := r.Context().Value(ClaimsKey).(map[string]any)
+
+		session, _ := p.SessionsStore.Get(r, "parcoursmob_session")
+
+		o, ok := session.Values["organization"]
+		if !ok || o == nil {
+			http.Redirect(w, r, "/auth/groups/", http.StatusFound)
+			return
+		}
+
+		org := o.(string)
+
+		claimgroups, ok := claims["groups"].([]any)
+
+		if !ok {
+			log.Error().Msg("cast issue")
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+
+		for _, group := range claimgroups {
+			if group == org {
+
+				request := &groupsmanagement.GetGroupRequest{
+					Id: group.(string),
+				}
+
+				resp, err := p.Services.GRPC.GroupsManagement.GetGroup(context.TODO(), request)
+				if err != nil {
+					delete(session.Values, "organization")
+					session.Save(r, w)
+					http.Redirect(w, r, "/auth/groups/", http.StatusFound)
+					return
+				}
+
+				ctx := context.WithValue(r.Context(), GroupKey, resp.Group.ToStorageType())
+
+				roles := map[string]bool{}
+
+				for _, role := range claimgroups {
+					//TODO handle flexible roles / roles discovery
+					if role == fmt.Sprintf("%s:admin", org) {
+						roles[role.(string)] = true
+					}
+				}
+
+				ctx = context.WithValue(ctx, RolesKey, roles)
+
+				next.ServeHTTP(w, r.WithContext(ctx))
+				return
+			}
+		}
+
+		// Session organization is not in the available groups
+		delete(session.Values, "organization")
+		session.Save(r, w)
+		http.Redirect(w, r, "/auth/groups/", http.StatusFound)
+	})
+}