package identification
import (
"context"
"fmt"
"net/http"
groupsmanagement "git.coopgo.io/coopgo-platform/groups-management/grpcapi"
)
// Context keys under which GroupsMiddleware publishes request-scoped values.
const (
	// GroupKey indexes the value returned by ToStorageType() for the group
	// that GroupsMiddleware resolved for the request.
	GroupKey ContextKey = "group"

	// RolesKey indexes the map[string]bool of role names that
	// GroupsMiddleware derived from the "groups" claim.
	RolesKey ContextKey = "roles"
)
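// GroupsMiddleware authorizes the organization stored in the session against
// the caller's "groups" claim and, on success, calls next with the resolved
// group (GroupKey) and the derived roles (RolesKey) added to the request
// context.
//
// Outcomes other than calling next:
//   - no claims map in the request context, or a "groups" claim that is not a
//     list: 500, the request is not forwarded (fail closed);
//   - no organization in the session: redirect to /auth/groups/;
//   - organization of an unexpected type, not listed in the "groups" claim,
//     or not resolvable through the groups-management service: the session
//     entry is removed and the caller is redirected to /auth/groups/.
//
// The claims are read from ClaimsKey, so this middleware has to run after
// whatever middleware stores them there.
func (p *IdentificationProvider) GroupsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Checked assertion: an unchecked one panics when the claims are
		// absent or of another type, instead of refusing the request.
		claims, ok := r.Context().Value(ClaimsKey).(map[string]any)
		if !ok {
			fmt.Println("groups middleware: no claims in request context")
			w.WriteHeader(http.StatusInternalServerError)
			return
		}

		// The load error is reported but not fatal, as before.
		// NOTE(review): this relies on the store still returning a usable
		// session when decoding fails — confirm for the configured store.
		session, err := p.SessionsStore.Get(r, "parcoursmob_session")
		if err != nil {
			fmt.Println("groups middleware: session load error:", err)
		}

		// resetSelection drops the stored organization and sends the caller
		// back to the group selection page.
		resetSelection := func() {
			delete(session.Values, "organization")
			if err := session.Save(r, w); err != nil {
				// A failed save can leave the stale selection in place.
				fmt.Println("groups middleware: session save error:", err)
			}
			http.Redirect(w, r, "/auth/groups/", http.StatusFound)
		}

		o, ok := session.Values["organization"]
		if !ok || o == nil {
			http.Redirect(w, r, "/auth/groups/", http.StatusFound)
			return
		}

		// A session value of another type is treated as an invalid selection
		// rather than being allowed to panic the handler.
		org, ok := o.(string)
		if !ok {
			resetSelection()
			return
		}

		claimgroups, ok := claims["groups"].([]any)
		if !ok {
			fmt.Println("cast issue")
			w.WriteHeader(http.StatusInternalServerError)
			return
		}

		// The session value is only a selection; membership is decided by the
		// claims. Comparing an `any` with a string is true only for a string
		// entry with the same value.
		member := false
		for _, group := range claimgroups {
			if group == org {
				member = true
				break
			}
		}
		if !member {
			// Session organization is not in the available groups
			resetSelection()
			return
		}

		// Use the request context so the lookup stops when the request is
		// cancelled or its deadline passes.
		resp, err := p.Services.GRPC.GroupsManagement.GetGroup(r.Context(), &groupsmanagement.GetGroupRequest{
			Id: org,
		})
		if err != nil {
			if r.Context().Err() != nil {
				// The request itself was cancelled: nobody is left to answer,
				// and that is no reason to drop the selection.
				return
			}
			resetSelection()
			return
		}
		if resp == nil || resp.Group == nil {
			// No group in a successful reply: handled like a failed lookup.
			resetSelection()
			return
		}

		ctx := context.WithValue(r.Context(), GroupKey, resp.Group.ToStorageType())

		// NOTE(review): role names and group ids come from the same claim
		// list, so a group whose id is literally "<org>:admin" would be read
		// as the admin role of <org> — confirm the identity provider keeps
		// ":" out of group ids.
		adminRole := org + ":admin"
		roles := map[string]bool{}
		for _, role := range claimgroups {
			//TODO handle flexible roles / roles discovery
			if role == adminRole {
				roles[adminRole] = true
			}
		}

		ctx = context.WithValue(ctx, RolesKey, roles)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}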