removed simple check
This commit is contained in:
+5
-84
@@ -8,7 +8,6 @@ import (
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
var authService *models.CachedAuthorizationService
|
||||
@@ -69,9 +68,11 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
|
||||
ctx.Environment = make(map[string]string)
|
||||
}
|
||||
|
||||
// Set RoleID from claims
|
||||
ctx.RoleID = claims.RoleID
|
||||
log.Print("Set context RoleID to ", ctx.RoleID)
|
||||
if ctx.RoleID != claims.RoleID {
|
||||
helper.RespondWithError(w, http.StatusForbidden, "Role ID mismatch")
|
||||
return
|
||||
}
|
||||
|
||||
// Perform authorization
|
||||
log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UserID, ctx.Resource, ctx.Action)
|
||||
result, err := services.AuthorizeWithCache(authService, &ctx)
|
||||
@@ -101,83 +102,3 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
|
||||
helper.RespondWithJSON(w, http.StatusForbidden, response)
|
||||
}
|
||||
}
|
||||
|
||||
// SimpleCheckRequest represents a simplified authorization check request
|
||||
type SimpleCheckRequest struct {
|
||||
Resource string `json:"resource"`
|
||||
Action string `json:"action"`
|
||||
ResourceData map[string]string `json:"resource_data,omitempty"`
|
||||
}
|
||||
|
||||
// SimpleCheckHandler godoc
|
||||
// @Summary Simple permission check
|
||||
// @Description Simplified endpoint to check if the authenticated user has permission for a resource/action
|
||||
// @Tags authorization
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Param request body SimpleCheckRequest true "Simple authorization request"
|
||||
// @Success 200 {object} map[string]interface{}
|
||||
// @Failure 400 {object} map[string]string
|
||||
// @Failure 401 {object} map[string]string
|
||||
// @Failure 403 {object} map[string]interface{}
|
||||
// @Security BearerToken
|
||||
// @Router /v1/auth/simple-check [post]
|
||||
func SimpleCheckHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// Get claims from JWT middleware
|
||||
claims, ok := middleware.GetClaims(r)
|
||||
if !ok {
|
||||
helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
var req SimpleCheckRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&req)
|
||||
if err != nil {
|
||||
helper.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
|
||||
return
|
||||
}
|
||||
|
||||
// Validate request
|
||||
if req.Resource == "" || req.Action == "" {
|
||||
helper.RespondWithError(w, http.StatusBadRequest, "Missing required fields: resource, action")
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("[SimpleCheck] Authorization request for user=%s, resource=%s, action=%s",
|
||||
claims.UserID, req.Resource, req.Action)
|
||||
|
||||
// Build authorization context
|
||||
ctx := &models.AuthorizationContext{
|
||||
UserID: claims.UserID,
|
||||
Resource: req.Resource,
|
||||
Action: req.Action,
|
||||
ResourceData: req.ResourceData,
|
||||
Environment: make(map[string]string),
|
||||
}
|
||||
|
||||
// Add current time to environment
|
||||
ctx.Environment["time"] = time.Now().Format(time.RFC3339)
|
||||
|
||||
// Use the direct Authorize function (non-cached)
|
||||
log.Printf("[SimpleCheck] Using direct (non-cached) authorization")
|
||||
result, err := services.Authorize(ctx)
|
||||
if err != nil {
|
||||
helper.LogError(err, "Simple authorization check error")
|
||||
log.Printf("✗ Simple authorization check error for user=%s: %v", claims.UserID, err)
|
||||
helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
|
||||
return
|
||||
}
|
||||
|
||||
response := map[string]interface{}{
|
||||
"allowed": result.Allowed,
|
||||
"message": result.Message,
|
||||
}
|
||||
|
||||
if result.Allowed {
|
||||
log.Printf("✓ [SimpleCheck] Authorization ALLOWED for user=%s", claims.UserID)
|
||||
helper.RespondWithJSON(w, http.StatusOK, response)
|
||||
} else {
|
||||
log.Printf("✗ [SimpleCheck] Authorization DENIED for user=%s - Reason: %s", claims.UserID, result.Message)
|
||||
helper.RespondWithJSON(w, http.StatusForbidden, response)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,7 +20,6 @@ func SetupRoutes(router *mux.Router, db *sql.DB) {
|
||||
|
||||
authRoutes := router.PathPrefix("/v1/auth").Subrouter()
|
||||
authRoutes.HandleFunc("/check", rateLimiter(middleware.JWTAuth(handlers.AuthorizeHandler))).Methods("POST")
|
||||
authRoutes.HandleFunc("/simple-check", rateLimiter(middleware.JWTAuth(handlers.SimpleCheckHandler))).Methods("POST")
|
||||
|
||||
router.PathPrefix("/swagger/").Handler(httpSwagger.WrapHandler)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user