From b41bb7912575fe83e72b21e74574f18b1e2caf08 Mon Sep 17 00:00:00 2001
From: ragilap <ragil9478@gmail.com>
Date: Tue, 23 Dec 2025 11:50:45 +0700
Subject: [PATCH] Fix(BE-304):uncomment auth

---
 internal/middleware/auth.go | 104 ++++++++++++++++++------------------
 1 file changed, 52 insertions(+), 52 deletions(-)

diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
index 85bb8146..a08d431b 100644
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -4,7 +4,7 @@ import (
 	"strings"
 
 	"github.com/gofiber/fiber/v2"
-	// "gitlab.com/mbugroup/lti-api.git/internal/config"
+	"gitlab.com/mbugroup/lti-api.git/internal/config"
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -31,65 +31,65 @@ type AuthContext struct {
 // fine-grained authorization using the SSO access token scopes.
 func Auth(userService service.UserService, requiredScopes ...string) fiber.Handler {
 	return func(c *fiber.Ctx) error {
-		// token := bearerToken(c)
-		// if token == "" {
-		// 	token = strings.TrimSpace(c.Cookies(config.SSOAccessCookieName))
-		// }
-		// if token == "" {
-		// 	return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-		// }
+		token := bearerToken(c)
+		if token == "" {
+			token = strings.TrimSpace(c.Cookies(config.SSOAccessCookieName))
+		}
+		if token == "" {
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-		// verification, err := sso.VerifyAccessToken(token)
-		// if err != nil {
-		// 	utils.Log.WithError(err).Warn("auth: token verification failed")
-		// 	return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-		// }
+		verification, err := sso.VerifyAccessToken(token)
+		if err != nil {
+			utils.Log.WithError(err).Warn("auth: token verification failed")
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-		// if verification.UserID == 0 {
-		// 	return fiber.NewError(fiber.StatusForbidden, "Service authentication is not permitted for this endpoint")
-		// }
+		if verification.UserID == 0 {
+			return fiber.NewError(fiber.StatusForbidden, "Service authentication is not permitted for this endpoint")
+		}
 
-		// if err := ensureNotRevoked(c, token, verification); err != nil {
-		// 	return err
-		// }
+		if err := ensureNotRevoked(c, token, verification); err != nil {
+			return err
+		}
 
-		// user, err := userService.GetBySSOUserID(c, verification.UserID)
-		// if err != nil || user == nil {
-		// 	utils.Log.WithError(err).Warn("auth: failed to resolve user from repository")
-		// 	return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-		// }
+		user, err := userService.GetBySSOUserID(c, verification.UserID)
+		if err != nil || user == nil {
+			utils.Log.WithError(err).Warn("auth: failed to resolve user from repository")
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-		// if len(requiredScopes) > 0 {
-		// 	if verification.Claims == nil || !hasAllScopes(verification.Claims.Scopes(), requiredScopes) {
-		// 		return fiber.NewError(fiber.StatusForbidden, "Insufficient scope")
-		// 	}
-		// }
+		if len(requiredScopes) > 0 {
+			if verification.Claims == nil || !hasAllScopes(verification.Claims.Scopes(), requiredScopes) {
+				return fiber.NewError(fiber.StatusForbidden, "Insufficient scope")
+			}
+		}
 
-		// var roles []sso.Role
-		// permissions := make(map[string]struct{})
-		// if verification.UserID != 0 {
-		// 	if profile, err := sso.FetchProfile(c.Context(), token, verification); err != nil {
-		// 		utils.Log.WithError(err).Warn("auth: failed to fetch sso profile")
-		// 	} else if profile != nil {
-		// 		roles = profile.Roles
-		// 		for _, perm := range profile.PermissionNames() {
-		// 			if perm != "" {
-		// 				permissions[perm] = struct{}{}
-		// 			}
-		// 		}
-		// 	}
-		// }
+		var roles []sso.Role
+		permissions := make(map[string]struct{})
+		if verification.UserID != 0 {
+			if profile, err := sso.FetchProfile(c.Context(), token, verification); err != nil {
+				utils.Log.WithError(err).Warn("auth: failed to fetch sso profile")
+			} else if profile != nil {
+				roles = profile.Roles
+				for _, perm := range profile.PermissionNames() {
+					if perm != "" {
+						permissions[perm] = struct{}{}
+					}
+				}
+			}
+		}
 
-		// ctx := &AuthContext{
-		// 	Token:        token,
-		// 	Verification: verification,
-		// 	User:         user,
-		// 	Roles:        roles,
-		// 	Permissions:  permissions,
-		// }
+		ctx := &AuthContext{
+			Token:        token,
+			Verification: verification,
+			User:         user,
+			Roles:        roles,
+			Permissions:  permissions,
+		}
 
-		// c.Locals(authContextLocalsKey, ctx)
-		// c.Locals(authUserLocalsKey, user)
+		c.Locals(authContextLocalsKey, ctx)
+		c.Locals(authUserLocalsKey, user)
 		return c.Next()
 	}
 }