removed simple check
+5
-84
@@ -8,7 +8,6 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var authService *models.CachedAuthorizationService
|
var authService *models.CachedAuthorizationService
|
||||||
@@ -69,9 +68,11 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
ctx.Environment = make(map[string]string)
|
ctx.Environment = make(map[string]string)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set RoleID from claims
|
if ctx.RoleID != claims.RoleID {
|
||||||
ctx.RoleID = claims.RoleID
|
helper.RespondWithError(w, http.StatusForbidden, "Role ID mismatch")
|
||||||
log.Print("Set context RoleID to ", ctx.RoleID)
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Perform authorization
|
// Perform authorization
|
||||||
log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UserID, ctx.Resource, ctx.Action)
|
log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UserID, ctx.Resource, ctx.Action)
|
||||||
result, err := services.AuthorizeWithCache(authService, &ctx)
|
result, err := services.AuthorizeWithCache(authService, &ctx)
|
||||||
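Review bot: The new guard `if ctx.RoleID != claims.RoleID` now returns 403 for any request that omits role_id, because an empty ctx.RoleID never equals the claim, whereas the removed lines tolerated that by copying the claim in. If callers relied on the old fill-in, add a default before the comparison, `if ctx.RoleID == "" { ctx.RoleID = claims.RoleID }`, or document that role_id is now required and must match the token. Either way a short comment such as `// The caller-supplied RoleID must match the JWT; the token is authoritative.` would explain why the request is rejected rather than corrected. Where ctx is populated is outside this hunk; if ctx.UserID is taken from the request body the same way, it presumably needs the same binding to claims.UserID, which this change does not cover. AuthorizeHandler starts and ends outside the hunk.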
@@ -101,83 +102,3 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
helper.RespondWithJSON(w, http.StatusForbidden, response)
|
helper.RespondWithJSON(w, http.StatusForbidden, response)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SimpleCheckRequest represents a simplified authorization check request
|
|
||||||
type SimpleCheckRequest struct {
|
|
||||||
Resource string `json:"resource"`
|
|
||||||
Action string `json:"action"`
|
|
||||||
ResourceData map[string]string `json:"resource_data,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// SimpleCheckHandler godoc
|
|
||||||
// @Summary Simple permission check
|
|
||||||
// @Description Simplified endpoint to check if the authenticated user has permission for a resource/action
|
|
||||||
// @Tags authorization
|
|
||||||
// @Accept json
|
|
||||||
// @Produce json
|
|
||||||
// @Param request body SimpleCheckRequest true "Simple authorization request"
|
|
||||||
// @Success 200 {object} map[string]interface{}
|
|
||||||
// @Failure 400 {object} map[string]string
|
|
||||||
// @Failure 401 {object} map[string]string
|
|
||||||
// @Failure 403 {object} map[string]interface{}
|
|
||||||
// @Security BearerToken
|
|
||||||
// @Router /v1/auth/simple-check [post]
|
|
||||||
func SimpleCheckHandler(w http.ResponseWriter, r *http.Request) {
|
|
||||||
// Get claims from JWT middleware
|
|
||||||
claims, ok := middleware.GetClaims(r)
|
|
||||||
if !ok {
|
|
||||||
helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var req SimpleCheckRequest
|
|
||||||
err := json.NewDecoder(r.Body).Decode(&req)
|
|
||||||
if err != nil {
|
|
||||||
helper.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate request
|
|
||||||
if req.Resource == "" || req.Action == "" {
|
|
||||||
helper.RespondWithError(w, http.StatusBadRequest, "Missing required fields: resource, action")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Printf("[SimpleCheck] Authorization request for user=%s, resource=%s, action=%s",
|
|
||||||
claims.UserID, req.Resource, req.Action)
|
|
||||||
|
|
||||||
// Build authorization context
|
|
||||||
ctx := &models.AuthorizationContext{
|
|
||||||
UserID: claims.UserID,
|
|
||||||
Resource: req.Resource,
|
|
||||||
Action: req.Action,
|
|
||||||
ResourceData: req.ResourceData,
|
|
||||||
Environment: make(map[string]string),
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add current time to environment
|
|
||||||
ctx.Environment["time"] = time.Now().Format(time.RFC3339)
|
|
||||||
|
|
||||||
// Use the direct Authorize function (non-cached)
|
|
||||||
log.Printf("[SimpleCheck] Using direct (non-cached) authorization")
|
|
||||||
result, err := services.Authorize(ctx)
|
|
||||||
if err != nil {
|
|
||||||
helper.LogError(err, "Simple authorization check error")
|
|
||||||
log.Printf("✗ Simple authorization check error for user=%s: %v", claims.UserID, err)
|
|
||||||
helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
response := map[string]interface{}{
|
|
||||||
"allowed": result.Allowed,
|
|
||||||
"message": result.Message,
|
|
||||||
}
|
|
||||||
|
|
||||||
if result.Allowed {
|
|
||||||
log.Printf("✓ [SimpleCheck] Authorization ALLOWED for user=%s", claims.UserID)
|
|
||||||
helper.RespondWithJSON(w, http.StatusOK, response)
|
|
||||||
} else {
|
|
||||||
log.Printf("✗ [SimpleCheck] Authorization DENIED for user=%s - Reason: %s", claims.UserID, result.Message)
|
|
||||||
helper.RespondWithJSON(w, http.StatusForbidden, response)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -20,7 +20,6 @@ func SetupRoutes(router *mux.Router, db *sql.DB) {
|
|||||||
|
|
||||||
authRoutes := router.PathPrefix("/v1/auth").Subrouter()
|
authRoutes := router.PathPrefix("/v1/auth").Subrouter()
|
||||||
authRoutes.HandleFunc("/check", rateLimiter(middleware.JWTAuth(handlers.AuthorizeHandler))).Methods("POST")
|
authRoutes.HandleFunc("/check", rateLimiter(middleware.JWTAuth(handlers.AuthorizeHandler))).Methods("POST")
|
||||||
authRoutes.HandleFunc("/simple-check", rateLimiter(middleware.JWTAuth(handlers.SimpleCheckHandler))).Methods("POST")
|
|
||||||
|
|
||||||
router.PathPrefix("/swagger/").Handler(httpSwagger.WrapHandler)
|
router.PathPrefix("/swagger/").Handler(httpSwagger.WrapHandler)
|
||||||
}
|
}
|
||||||
|
|||||||