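package identification

import (
	"context"
	"fmt"
	"net/http"

	groupsmanagement "git.coopgo.io/coopgo-platform/groups-management/grpcapi"
	"github.com/rs/zerolog/log"
)

// GroupKey is the request-context key under which GroupsMiddleware stores the
// selected group, in the storage-type form returned by Group.ToStorageType().
const GroupKey ContextKey = "group"

// RolesKey is the request-context key under which GroupsMiddleware stores the
// caller's roles for the selected group as a set (map[string]bool).
const RolesKey ContextKey = "roles"

// groupSelectionPath is where a request is redirected whenever the session
// holds no organization that the caller is allowed to act in.
const groupSelectionPath = "/auth/groups/"

// sessionOrganizationKey is the session value holding the organization
// (group id) the user selected.
const sessionOrganizationKey = "organization"

// GroupsMiddleware resolves the organization selected in the user's session
// against the groups listed in the request's claims and, on success, calls
// next with GroupKey and RolesKey added to the request context.
//
// It expects an upstream middleware to have stored the claims under ClaimsKey
// as a map[string]any whose "groups" entry is a []any of group ids; the
// "groups" claim is the only source of membership, so a session organization
// that is not listed there is dropped from the session and the user is sent
// back to the group selection page. Roles are currently limited to
// "<org>:admin", derived from the same claim.
//
// Responses: 302 to /auth/groups/ when no usable organization is selected or
// the group cannot be loaded, 401 when no claims are present, 500 when the
// "groups" claim has an unexpected shape.
func (p *IdentificationProvider) GroupsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A missing or mistyped claims value used to panic here (unchecked
		// assertion); refuse the request explicitly instead.
		claims, ok := r.Context().Value(ClaimsKey).(map[string]any)
		if !ok {
			log.Error().Msg("groups middleware: no claims in request context")
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		session, err := p.SessionsStore.Get(r, "parcoursmob_session")
		if err != nil {
			// An undecodable session cannot carry a trusted organization;
			// treat it exactly like a session with none selected.
			log.Warn().Err(err).Msg("groups middleware: loading session")
			http.Redirect(w, r, groupSelectionPath, http.StatusFound)
			return
		}

		// forgetOrganization drops the selected organization from the
		// session and sends the user back to the selection page.
		forgetOrganization := func() {
			delete(session.Values, sessionOrganizationKey)
			if err := session.Save(r, w); err != nil {
				log.Error().Err(err).Msg("groups middleware: saving session")
			}
			http.Redirect(w, r, groupSelectionPath, http.StatusFound)
		}

		o, ok := session.Values[sessionOrganizationKey]
		if !ok || o == nil {
			http.Redirect(w, r, groupSelectionPath, http.StatusFound)
			return
		}
		org, ok := o.(string)
		if !ok {
			// Corrupt session value; clear it rather than panicking on the cast.
			log.Error().Msgf("groups middleware: organization in session has type %T", o)
			forgetOrganization()
			return
		}

		claimgroups, ok := claims["groups"].([]any)
		if !ok {
			log.Error().Msg("cast issue")
			w.WriteHeader(http.StatusInternalServerError)
			return
		}

		// The session organization is only honoured if the claims list it.
		member := false
		for _, group := range claimgroups {
			if group == org {
				member = true
				break
			}
		}
		if !member {
			forgetOrganization()
			return
		}

		request := &groupsmanagement.GetGroupRequest{Id: org}
		// Use the request context so the gRPC call is cancelled if the
		// client goes away.
		resp, err := p.Services.GRPC.GroupsManagement.GetGroup(r.Context(), request)
		if err != nil || resp == nil || resp.Group == nil {
			if err != nil {
				log.Error().Err(err).Str("group", org).Msg("groups middleware: loading group")
			}
			// The selected group no longer resolves; make the user pick again.
			forgetOrganization()
			return
		}

		// TODO handle flexible roles / roles discovery
		adminRole := fmt.Sprintf("%s:admin", org)
		roles := map[string]bool{}
		for _, role := range claimgroups {
			if role == adminRole {
				roles[adminRole] = true
			}
		}

		ctx := context.WithValue(r.Context(), GroupKey, resp.Group.ToStorageType())
		ctx = context.WithValue(ctx, RolesKey, roles)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}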