diff --git a/handlers/authorize.go b/handlers/authorize.go
index 02325d0..c97d53d 100644
--- a/handlers/authorize.go
+++ b/handlers/authorize.go
@@ -8,7 +8,6 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
-	"time"
 )
 
 var authService *models.CachedAuthorizationService
@@ -69,9 +68,11 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
 		ctx.Environment = make(map[string]string)
 	}
 
-	// Set RoleID from claims
-	ctx.RoleID = claims.RoleID
-	log.Print("Set context RoleID to ", ctx.RoleID)
+	if ctx.RoleID != claims.RoleID {
+		helper.RespondWithError(w, http.StatusForbidden, "Role ID mismatch")
+		return
+	}
+
 	// Perform authorization
 	log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UserID, ctx.Resource, ctx.Action)
 	result, err := services.AuthorizeWithCache(authService, &ctx)
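Review bot: The new `if ctx.RoleID != claims.RoleID` guard in the second hunk turns a previously server-bound value into a client-supplied one that merely has to agree with the token, so any caller that used to omit the role (relying on the removed `ctx.RoleID = claims.RoleID`) now receives 403 "Role ID mismatch" for a request that was valid before; either document that `role_id` is now required in the body, or bind the zero value from the claim and reserve the 403 for a non-empty, differing value, e.g. `if ctx.RoleID == zero { ctx.RoleID = claims.RoleID } else if ctx.RoleID != claims.RoleID { ... }` with `zero` being the RoleID type's zero value. A mismatch on a bearer-authenticated request is a tampering signal rather than a client typo, so it is worth a log line keyed on `claims.UserID` (not the body's `ctx.UserID`) before the early return, in the style of the existing `[Handler]` log calls. The `ctx.UserID` used in the `log.Printf` and passed to `AuthorizeWithCache` is not visible being bound to `claims.UserID` in this hunk; if it is taken from the request body earlier in the function, the same spoofing concern that motivated this role check applies to it as well — please confirm. AuthorizeHandler starts and ends outside this hunk.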
@@ -101,83 +102,3 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
 		helper.RespondWithJSON(w, http.StatusForbidden, response)
 	}
 }
-
-// SimpleCheckRequest represents a simplified authorization check request
-type SimpleCheckRequest struct {
-	Resource     string            `json:"resource"`
-	Action       string            `json:"action"`
-	ResourceData map[string]string `json:"resource_data,omitempty"`
-}
-
-// SimpleCheckHandler godoc
-// @Summary Simple permission check
-// @Description Simplified endpoint to check if the authenticated user has permission for a resource/action
-// @Tags authorization
-// @Accept json
-// @Produce json
-// @Param request body SimpleCheckRequest true "Simple authorization request"
-// @Success 200 {object} map[string]interface{}
-// @Failure 400 {object} map[string]string
-// @Failure 401 {object} map[string]string
-// @Failure 403 {object} map[string]interface{}
-// @Security BearerToken
-// @Router /v1/auth/simple-check [post]
-func SimpleCheckHandler(w http.ResponseWriter, r *http.Request) {
-	// Get claims from JWT middleware
-	claims, ok := middleware.GetClaims(r)
-	if !ok {
-		helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
-		return
-	}
-
-	var req SimpleCheckRequest
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		helper.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
-		return
-	}
-
-	// Validate request
-	if req.Resource == "" || req.Action == "" {
-		helper.RespondWithError(w, http.StatusBadRequest, "Missing required fields: resource, action")
-		return
-	}
-
-	log.Printf("[SimpleCheck] Authorization request for user=%s, resource=%s, action=%s",
-		claims.UserID, req.Resource, req.Action)
-
-	// Build authorization context
-	ctx := &models.AuthorizationContext{
-		UserID:       claims.UserID,
-		Resource:     req.Resource,
-		Action:       req.Action,
-		ResourceData: req.ResourceData,
-		Environment:  make(map[string]string),
-	}
-
-	// Add current time to environment
-	ctx.Environment["time"] = time.Now().Format(time.RFC3339)
-
-	// Use the direct Authorize function (non-cached)
-	log.Printf("[SimpleCheck] Using direct (non-cached) authorization")
-	result, err := services.Authorize(ctx)
-	if err != nil {
-		helper.LogError(err, "Simple authorization check error")
-		log.Printf("✗ Simple authorization check error for user=%s: %v", claims.UserID, err)
-		helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
-		return
-	}
-
-	response := map[string]interface{}{
-		"allowed": result.Allowed,
-		"message": result.Message,
-	}
-
-	if result.Allowed {
-		log.Printf("✓ [SimpleCheck] Authorization ALLOWED for user=%s", claims.UserID)
-		helper.RespondWithJSON(w, http.StatusOK, response)
-	} else {
-		log.Printf("✗ [SimpleCheck] Authorization DENIED for user=%s - Reason: %s", claims.UserID, result.Message)
-		helper.RespondWithJSON(w, http.StatusForbidden, response)
-	}
-}
diff --git a/routes/routes.go b/routes/routes.go
index a835bdf..6d0e65e 100644
--- a/routes/routes.go
+++ b/routes/routes.go
@@ -20,7 +20,6 @@ func SetupRoutes(router *mux.Router, db *sql.DB) {
 
 	authRoutes := router.PathPrefix("/v1/auth").Subrouter()
 	authRoutes.HandleFunc("/check", rateLimiter(middleware.JWTAuth(handlers.AuthorizeHandler))).Methods("POST")
-	authRoutes.HandleFunc("/simple-check", rateLimiter(middleware.JWTAuth(handlers.SimpleCheckHandler))).Methods("POST")
 
 	router.PathPrefix("/swagger/").Handler(httpSwagger.WrapHandler)
 }