feat/login crud in users sync with sso

ragilap
2025-10-06 12:31:54 +07:00
parent 1684d69fae
commit 6bddbbf9d9
21 changed files with 1576 additions and 136 deletions
+32 -3
@@ -5,7 +5,7 @@ import (
"gitlab.com/mbugroup/lti-api.git/internal/config"
service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
"gitlab.com/mbugroup/lti-api.git/internal/utils"
"gitlab.com/mbugroup/lti-api.git/internal/sso"
"github.com/gofiber/fiber/v2"
)
@@ -15,21 +15,50 @@ func Auth(userService service.UserService, requiredRights ...string) fiber.Handl
authHeader := c.Get("Authorization")
token := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
if token == "" {
cookieName := config.SSOAccessCookieName
if cookieName == "" {
cookieName = "access"
}
token = strings.TrimSpace(c.Cookies(cookieName))
}
if token == "" {
return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
}
userID, err := utils.VerifyToken(token, config.JWTSecret, config.TokenTypeAccess)
verification, err := sso.VerifyAccessToken(token)
if err != nil {
return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
}
user, err := userService.GetOne(c, userID)
if len(config.SSOAllowedAudiences) > 0 {
allowed := make(map[string]struct{}, len(config.SSOAllowedAudiences))
for _, aud := range config.SSOAllowedAudiences {
aud = strings.TrimSpace(aud)
if aud != "" {
allowed[aud] = struct{}{}
}
}
audienceValid := false
for _, aud := range verification.Claims.Audience {
if _, ok := allowed[aud]; ok {
audienceValid = true
break
}
}
if !audienceValid {
return fiber.NewError(fiber.StatusUnauthorized, "invalid audience")
}
}
user, err := userService.GetBySSOUserID(c, verification.UserID)
if err != nil || user == nil {
return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
}
c.Locals("user", user)
c.Locals("token_claims", verification.Claims)
// if len(requiredRights) > 0 {
// userRights, hasRights := config.RoleRights[user.Role]
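Review bot: The audience check is skipped entirely when `config.SSOAllowedAudiences` is empty, so a missing or misconfigured setting makes this middleware accept a token issued for any audience, unless `sso.VerifyAccessToken` (not visible here) already enforces one. Consider failing closed, for example `if len(config.SSOAllowedAudiences) == 0 { return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate") }`, and building the `allowed` set once in `Auth` before the handler is returned instead of on every request. The new cookie fallback also means a request can be authenticated by a credential the browser attaches automatically, so state-changing routes behind this middleware need a SameSite cookie policy or a CSRF token; nothing in the hunk shows either. The distinct "invalid audience" message tells a caller that the token otherwise verified, so returning the same "Please authenticate" text as the other branches would be safer. The handler body starts and ends outside the hunk.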