package middleware
import (
"context"
"fmt"
"heruvym/jwt_adapter"
"net/http"
"strings"
"time"
errors2 "github.com/pkg/errors"
"github.com/rs/xid"
"github.com/themakers/hlog"
)
// Middleware bundles the HTTP middleware handlers of this package (used with
// gorilla/mux) together with the configuration they consult.
type Middleware struct {
	// logger receives the structured events emitted by every handler.
	logger hlog.Logger

	// allowedOrigins is the configured Origin allow-list consulted by
	// MiddlewareOriginAccess; the value "*" admits any origin.
	allowedOrigins string

	// allowedRoles maps a request path (the key) to the roles permitted on
	// it (the value); read by MiddlewareRoleAccess.
	allowedRoles map[string]string
}
const (
	// sessionKey names both the cookie and the request header that carry an
	// anonymous session id for callers without a JWT.
	sessionKey = "Sess"

	// HostKey is the context key under which ExtractHostMiddleware stores the
	// request's Referer value for downstream handlers.
	HostKey = "host"
)
// NewMiddleware builds a Middleware from its dependencies.
//
// logger receives every emitted event; allowedOrigins is the Origin
// allow-list used by MiddlewareOriginAccess ("*" allows any origin);
// allowedRoles maps request paths to the roles allowed on them. The map is
// stored as given, not copied.
func NewMiddleware(
	logger hlog.Logger,
	allowedOrigins string,
	allowedRoles map[string]string,
) *Middleware {
	mw := new(Middleware)
	mw.logger = logger
	mw.allowedOrigins = allowedOrigins
	mw.allowedRoles = allowedRoles
	return mw
}
// MiddlewareLogger emits a DebugHttpRequest event carrying the request URL
// and then delegates to next unchanged.
func (mw *Middleware) MiddlewareLogger(next http.Handler) http.Handler {
	logThenForward := func(w http.ResponseWriter, r *http.Request) {
		mw.logger.Emit(DebugHttpRequest{Url: r.URL.String()})
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(logThenForward)
}
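// MiddlewareOriginAccess rejects requests whose Origin header is not on the
// configured allow-list.
//
// mw.allowedOrigins is read as a list of origins separated by commas and/or
// whitespace; the special value "*" admits any origin. Requests that carry no
// Origin header pass through unchanged. A rejected request is logged as
// ErrorOriginAccess and answered with 403 Forbidden (previously the handler
// returned silently, which produced an implicit 200 with an empty body).
func (mw *Middleware) MiddlewareOriginAccess(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Header.Get yields "" for an absent header, so no index is needed.
		origin := r.Header.Get("Origin")
		if origin != "" && !originAllowed(mw.allowedOrigins, origin) {
			mw.logger.Emit(ErrorOriginAccess{Origin: origin, Url: r.URL.String()})
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// originAllowed reports whether origin appears in the allow-list. Entries are
// compared whole rather than by substring: the previous strings.Contains check
// accepted any origin that is a prefix of an allowed entry (e.g. "https://a.co"
// against an allowed "https://a.com"), which is a different site.
func originAllowed(allowed, origin string) bool {
	if allowed == "*" {
		return true
	}
	isSep := func(c rune) bool {
		return c == ',' || c == ' ' || c == '\t' || c == '\n' || c == '\r'
	}
	for _, entry := range strings.FieldsFunc(allowed, isSep) {
		if entry == origin {
			return true
		}
	}
	return false
}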
// recFn maps a recovered panic value to the HTTP status code and message the
// recovery middleware reports. The code is always 500; the message is the
// value's Error() text when it is an error and fmt's "%v" rendering otherwise
// (a nil value renders as "<nil>").
func recFn(rec interface{}) (int, string) {
	const code = http.StatusInternalServerError
	switch v := rec.(type) {
	case error:
		return code, v.Error()
	default:
		return code, fmt.Sprintf("%v", v)
	}
}
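// MiddlewareRecovery turns a panic raised by next into an HTTP error response
// instead of letting it abort the connection.
//
// The recovered value and its rendered message are logged in full as
// ErrorPanicInHttpHandler; the client only receives the generic status text.
// Previously the panic message itself (internal error strings, runtime fault
// descriptions) was written to the response body.
func (mw *Middleware) MiddlewareRecovery(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			rec := recover()
			if rec == nil {
				return
			}
			code, message := recFn(rec)
			// If next already started the response, net/http reports this
			// WriteHeader as superfluous and it has no effect.
			w.WriteHeader(code)
			if _, err := fmt.Fprint(w, http.StatusText(code)); err != nil {
				mw.logger.Emit(ErrorWritingPanicResponse{Err: err})
			}
			mw.logger.Emit(ErrorPanicInHttpHandler{
				Code:      code,
				Message:   message,
				Recovered: rec,
			})
		}()
		next.ServeHTTP(w, r)
	})
}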
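// MiddlewareJwt resolves the caller's identity and hands it to next through
// the request context.
//
// Resolution order: the jwt cookie (jwt_adapter.DefaultHeaderKey); else a
// "Bearer <token>" value in the header of the same name; else an anonymous
// session whose id comes from the sessionKey header, the sessionKey cookie,
// or a freshly minted xid that is also set as a cookie. GET requests without
// the jwt cookie are forwarded unauthenticated. A token rejected by
// jwt_adapter.Decode, or a failure in setJwtHeader, is answered with 401.
//
// The role stored under jwt_adapter.RoleKey is derived from the
// client-supplied Referer header. That value is attacker-controlled and must
// not be used on its own for authorization decisions; the mapping is kept
// because downstream code reads the key. The debug fmt.Println calls that
// wrote headers and session cookie values to stdout have been removed.
func (mw *Middleware) MiddlewareJwt(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Header.Get is safe on an absent header, unlike the former
		// r.Header["Referer"][0], which panicked for requests without one.
		role := roleFromReferer(r.Header.Get("Referer"))
		ctx := context.WithValue(r.Context(), jwt_adapter.RoleKey, role)

		var (
			token   string
			adapter *jwt_adapter.JwtAdapter
		)

		tokenCookie, err := r.Cookie(jwt_adapter.DefaultHeaderKey)
		switch {
		case err == nil:
			token = tokenCookie.Value
		case r.Method == http.MethodGet:
			// No jwt cookie: GET requests are served anonymously.
			next.ServeHTTP(w, r.WithContext(ctx))
			return
		default:
			if bearer, ok := bearerToken(r.Header[jwt_adapter.DefaultHeaderKey]); ok {
				token = bearer
			} else {
				adapter = newSessionAdapter(w, r)
			}
		}

		if adapter == nil {
			adapter, err = jwt_adapter.Decode(token)
			if err != nil {
				mw.logger.Emit(ErrorJwtAccess{Err: err})
				w.WriteHeader(http.StatusUnauthorized)
				return
			}
		}

		if err = setJwtHeader(adapter, w, mw.logger); err != nil {
			mw.logger.Emit(ErrorJwtAccess{Err: err})
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		ctx = context.WithValue(ctx, jwt_adapter.DefaultHeaderKey, adapter)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// roleFromReferer keeps the existing Referer-to-role mapping: the two admin
// hosts map to "admin", everything else (including an absent header) to
// "user". The input is client-controlled; see MiddlewareJwt.
func roleFromReferer(referer string) string {
	switch referer {
	case "sadmin.pena", "admin.pena":
		return "admin"
	default:
		return "user"
	}
}

// bearerToken extracts the token from the first header value. It reports
// false when the header is absent or holds a bare "Bearer" with no token, in
// which case the caller falls back to the anonymous session path.
func bearerToken(values []string) (string, bool) {
	if len(values) == 0 {
		return "", false
	}
	raw := values[0]
	if raw == "Bearer" || raw == "Bearer " {
		return "", false
	}
	// A JWT contains no spaces, so trimming the leading prefix once is
	// equivalent to the previous strings.Replace of every occurrence.
	return strings.TrimPrefix(raw, "Bearer "), true
}

// newSessionAdapter returns an adapter for an anonymous session. The id is
// taken from the sessionKey header, else the sessionKey cookie, else a new
// xid that is also set as a cookie on the response.
func newSessionAdapter(w http.ResponseWriter, r *http.Request) *jwt_adapter.JwtAdapter {
	if hdr := r.Header[sessionKey]; len(hdr) > 0 {
		return &jwt_adapter.JwtAdapter{Id: hdr[0]}
	}
	if sessCookie, err := r.Cookie(sessionKey); err == nil {
		return &jwt_adapter.JwtAdapter{Id: sessCookie.Value}
	}
	// NOTE(review): xid is a unique identifier, not a cryptographically
	// random one; if this id acts as a session secret downstream it should be
	// generated from crypto/rand instead — confirm how consumers use it. The
	// cookie is also readable by page scripts (no HttpOnly); that is left as
	// is because the same id is accepted from the sessionKey header, which
	// suggests clients copy it out of the cookie — confirm before tightening.
	id := xid.New().String()
	http.SetCookie(w, &http.Cookie{
		Name:     sessionKey,
		Value:    id,
		Expires:  time.Now().Add(time.Hour * 24 * 30),
		SameSite: http.SameSiteNoneMode,
		Secure:   true,
	})
	return &jwt_adapter.JwtAdapter{Id: id}
}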
// getJwtUserId returns the Id of the JwtAdapter that MiddlewareJwt stored in
// the request context under jwt_adapter.DefaultHeaderKey, or an error when
// the context holds no such adapter.
func getJwtUserId(r *http.Request) (string, error) {
	adapter, ok := r.Context().Value(jwt_adapter.DefaultHeaderKey).(*jwt_adapter.JwtAdapter)
	if !ok {
		return "", errors2.New("no token in context")
	}
	return adapter.Id, nil
}
// MiddlewareRoleAccess is meant to gate the paths listed in mw.allowedRoles
// by the caller's role. The role lookup and comparison are commented out, so
// at present every request — whether or not its path is configured — is
// forwarded to next. Until that check is restored this middleware enforces no
// access control and must not be relied on for authorization.
func (mw *Middleware) MiddlewareRoleAccess(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		roles, configured := mw.allowedRoles[r.URL.Path]

		// A configured path with an empty role list is open to everyone.
		if configured && roles == "" {
			next.ServeHTTP(w, r)
			return
		}

		// TODO: restore the role check. The disabled version resolved the
		// user via getJwtUserId, looked up their role, answered 403 when the
		// user had no role, and otherwise required roles to be "*" or to list
		// the user's role.
		next.ServeHTTP(w, r)
	})
}
// MiddlewareJwtPlug is a JWT stub for debugging; remove before release.
/*
func (mw *Middleware) MiddlewareJwtPlug(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		adapter := jwt_adapter.JwtAdapter{ID: "604b79aced1d431b9e911f56"}
		adapter.Init()
		adapter.SetUserID("604b79aced1d431b9e911f56")
		ctx := context.WithValue(r.Context(), "JWT", &adapter)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
*/
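// ExtractHostMiddleware stores the request's Referer header in the context
// under HostKey for downstream handlers.
//
// Header.Get yields "" when the header is missing; the previous direct index
// r.Header["Referer"][0] panicked on such requests. The value is supplied by
// the client, so consumers of HostKey must treat it as untrusted input.
func (mw *Middleware) ExtractHostMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := r.Header.Get("Referer")
		ctx := context.WithValue(r.Context(), HostKey, host)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}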