fixed region fetching in user_attributes

2026-04-16 13:42:50 +08:00
parent f0bc603a5f
commit 29cf10c379
7 changed files with 43 additions and 54 deletions
+14 -13
@@ -1,7 +1,6 @@
package handlers
import (
"authorization/helper"
"authorization/middleware"
"authorization/models"
"authorization/services"
@@ -9,6 +8,8 @@ import (
"io"
"log"
"net/http"
sabat "github.com/cespares/response"
)
var authService *models.CachedAuthorizationService
@@ -36,7 +37,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
claims, ok := middleware.GetClaims(r)
if !ok {
log.Printf("ERROR: Missing JWT claims in request context (method=%s, path=%s)", r.Method, r.URL.Path)
helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
sabat.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
return
}
@@ -48,7 +49,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
bodyBytes, err := io.ReadAll(r.Body)
if err != nil {
log.Printf("ERROR: Failed to read authorization request body: %v", err)
helper.RespondWithError(w, http.StatusBadRequest, "Invalid request body")
sabat.RespondWithError(w, http.StatusBadRequest, "Invalid request body")
return
}
log.Printf("Raw authorization request body: %s", string(bodyBytes))
@@ -56,7 +57,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
// Decode JSON into AuthorizationContext
if err := json.Unmarshal(bodyBytes, &ctx); err != nil {
log.Printf("ERROR: Failed to unmarshal request body: %v", err)
helper.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
sabat.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
return
}
@@ -65,7 +66,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("User ID ctx=%s, resource=%s, action=%s, roleID=%d", ctx.UsersID, ctx.Resource, ctx.Action, ctx.RoleID)
if ctx.UsersID == "" || ctx.Resource == "" || ctx.Action == "" {
log.Printf("ERROR: Missing required fields - UsersID=%s, Resource=%s, Action=%s", ctx.UsersID, ctx.Resource, ctx.Action)
helper.RespondWithError(w, http.StatusBadRequest, "Missing required fields: users_id, resource, action")
sabat.RespondWithError(w, http.StatusBadRequest, "Missing required fields: users_id, resource, action")
return
}
@@ -74,7 +75,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
// Verify JWT user matches request user (security check)
if ctx.UsersID != claims.UsersID {
log.Printf("ERROR: User ID mismatch - ctx.UsersID='%s' vs claims.UsersID='%s'", ctx.UsersID, claims.UsersID)
helper.RespondWithError(w, http.StatusForbidden, "User ID mismatch")
sabat.RespondWithError(w, http.StatusForbidden, "User ID mismatch")
return
}
@@ -107,7 +108,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("[Handler] Role candidate resolution - requested=%v, finalCandidates=%v", requestedRoles, validRoles)
if len(validRoles) == 0 {
log.Printf("ERROR: Role mismatch for user=%s - requestedRoles=%v, claimRoles=%v", ctx.UsersID, requestedRoles, claimRoles)
helper.RespondWithError(w, http.StatusForbidden, "Role ID mismatch")
sabat.RespondWithError(w, http.StatusForbidden, "Role ID mismatch")
return
}
@@ -119,29 +120,29 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UsersID, ctx.Resource, ctx.Action)
result, err := services.AuthorizeWithCache(authService, &ctx)
if err != nil {
helper.LogError(err, "Authorization service error")
sabat.LogError(err, "Authorization service error")
log.Printf("✗ Authorization service error for user=%s: %v", ctx.UsersID, err)
helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
sabat.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
return
}
// Return result
if result.Allowed {
log.Printf("✓ [Handler] Authorization ALLOWED - Returning 200 OK to client")
// Return response matching AuthorizationResponse model for client compatibility
// Return sabat matching Authorizationsabat model for client compatibility
response := map[string]interface{}{
"allowed": result.Allowed,
"reason": result.Message,
}
helper.RespondWithJSON(w, http.StatusOK, response)
sabat.RespondWithJSON(w, http.StatusOK, response)
} else {
log.Printf("✗ [Handler] Authorization DENIED - Returning 403 Forbidden to client (reason: %s)", result.Message)
// Return response matching AuthorizationResponse model for client compatibility
// Return sabat matching Authorizationsabat model for client compatibility
response := map[string]interface{}{
"allowed": result.Allowed,
"reason": result.Message,
}
helper.RespondWithJSON(w, http.StatusForbidden, response)
sabat.RespondWithJSON(w, http.StatusForbidden, response)
}
}
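Review bot: The two comments in the last hunk of AuthorizeHandler were mangled by the blanket helper→sabat replace and now read `// Return sabat matching Authorizationsabat model for client compatibility`; they should be restored to `// Return response matching AuthorizationResponse model for client compatibility`, since the local variable is still named `response` and the model is still `AuthorizationResponse`. That same comment is the reason to check the swap itself: `helper.RespondWithJSON`/`RespondWithError` have been replaced by the third-party `github.com/cespares/response` package, and nothing in this diff shows that its functions emit the same `{"allowed","reason"}` body, error envelope and Content-Type the clients were written against, so that presumably needs confirming (the go.mod/go.sum additions are among the five changed files not shown here). Unrelated to the rename but sitting as context in the same hunk, `log.Printf("Raw authorization request body: %s", string(bodyBytes))` writes every authorization request body to the log; consider dropping it or reducing it to the already-logged structured fields, as it leaks whatever callers send to this endpoint.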
+4 -3
@@ -2,13 +2,14 @@ package handlers
import (
"authorization/db"
"authorization/helper"
"authorization/models"
"authorization/redisclient"
"context"
"encoding/json"
"net/http"
"time"
sabat "github.com/cespares/response"
)
// HealthHandler provides a basic liveness check
@@ -22,7 +23,7 @@ func HealthHandler(w http.ResponseWriter, r *http.Request) {
response := models.HealthResponse{
Status: "ok",
}
helper.RespondWithJSON(w, http.StatusOK, response)
sabat.RespondWithJSON(w, http.StatusOK, response)
}
// ReadyHandler checks if the service is ready to handle requests
@@ -81,6 +82,6 @@ func ReadyHandler(w http.ResponseWriter, r *http.Request) {
Status: status,
Services: services,
}); err != nil {
helper.LogError(err, "Error encoding health response")
sabat.LogError(err, "Error encoding health response")
}
}