rewrite midlleware to fiber

Pavel 2024-09-25 13:18:19 +03:00
parent 2fb7cd5a02
commit 2746737891
4 changed files with 193 additions and 222 deletions

@ -17,6 +17,7 @@ func JwtPlug(c *fiber.Ctx) error {
return c.Next() return c.Next()
} }
// todo оказывается то что и хттп я переписал, ну надо убрать потом думаю
func Jwt(c *fiber.Ctx) error { func Jwt(c *fiber.Ctx) error {
var ( var (
token, role string token, role string

@ -1,14 +1,12 @@
package middleware package middleware
import ( import (
"context"
"fmt" "fmt"
"github.com/gofiber/fiber/v2"
"heruvym/jwt_adapter" "heruvym/jwt_adapter"
"net/http"
"strings" "strings"
"time" "time"
errors2 "github.com/pkg/errors"
"github.com/rs/xid" "github.com/rs/xid"
"github.com/themakers/hlog" "github.com/themakers/hlog"
) )
@ -38,23 +36,25 @@ func NewMiddleware(
} }
} }
func (mw *Middleware) MiddlewareLogger(next http.Handler) http.Handler { func (mw *Middleware) MiddlewareLogger(ctx *fiber.Ctx) error {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { mw.logger.Emit(DebugHttpRequest{
mw.logger.Emit(DebugHttpRequest{Url: r.URL.String()}) Url: ctx.OriginalURL(),
next.ServeHTTP(w, r)
}) })
return ctx.Next()
} }
func (mw *Middleware) MiddlewareOriginAccess(next http.Handler) http.Handler { func (mw *Middleware) MiddlewareOriginAccess(ctx *fiber.Ctx) error {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { origin := ctx.Get("Origin")
if len(r.Header["Origin"]) > 0 { if origin == "" {
if mw.allowedOrigins != "*" && !strings.Contains(mw.allowedOrigins, r.Header["Origin"][0]) { if mw.allowedOrigins != "*" && !strings.Contains(mw.allowedOrigins, origin) {
mw.logger.Emit(ErrorOriginAccess{Origin: r.Header["Origin"][0], Url: r.URL.String()}) mw.logger.Emit(ErrorOriginAccess{
return Origin: origin,
} Url: ctx.OriginalURL(),
}
next.ServeHTTP(w, r)
}) })
return ctx.SendStatus(fiber.StatusForbidden)
}
}
return ctx.Next()
} }
func recFn(rec interface{}) (int, string) { func recFn(rec interface{}) (int, string) {
@ -64,23 +64,22 @@ func recFn(rec interface{}) (int, string) {
) )
if err, ok := rec.(error); ok { if err, ok := rec.(error); ok {
code = http.StatusInternalServerError code = fiber.StatusInternalServerError
message = err.Error() message = err.Error()
} else { } else {
code = http.StatusInternalServerError code = fiber.StatusInternalServerError
message = fmt.Sprintf("%v", rec) message = fmt.Sprintf("%v", rec)
} }
return code, message return code, message
} }
func (mw *Middleware) MiddlewareRecovery(next http.Handler) http.Handler { func (mw *Middleware) MiddlewareRecovery(ctx *fiber.Ctx) error {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer func() { defer func() {
if rec := recover(); rec != nil { if rec := recover(); rec != nil {
code, message := recFn(rec) code, message := recFn(rec)
w.WriteHeader(code) ctx.Status(code)
if _, err := fmt.Fprint(w, message); err != nil { if _, err := ctx.WriteString(message); err != nil {
mw.logger.Emit(ErrorWritingPanicResponse{Err: err}) mw.logger.Emit(ErrorWritingPanicResponse{Err: err})
} }
mw.logger.Emit(ErrorPanicInHttpHandler{ mw.logger.Emit(ErrorPanicInHttpHandler{
@ -90,19 +89,18 @@ func (mw *Middleware) MiddlewareRecovery(next http.Handler) http.Handler {
}) })
} }
}() }()
next.ServeHTTP(w, r)
}) return ctx.Next()
} }
func (mw *Middleware) MiddlewareJwt(next http.Handler) http.Handler { func (mw *Middleware) MiddlewareJwt(ctx *fiber.Ctx) error {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var ( var (
token, role string token, role string
adapter *jwt_adapter.JwtAdapter adapter *jwt_adapter.JwtAdapter
err error
) )
switch r.Header["Referer"][0] { switch ctx.Get("Referer") {
case "sadmin.pena": case "sadmin.pena":
role = "admin" role = "admin"
case "admin.pena": case "admin.pena":
@ -110,150 +108,133 @@ func (mw *Middleware) MiddlewareJwt(next http.Handler) http.Handler {
default: default:
role = "user" role = "user"
} }
ctx := context.WithValue(r.Context(), jwt_adapter.RoleKey, role)
tokenCookie, err := r.Cookie(jwt_adapter.DefaultHeaderKey) ctx.Locals(jwt_adapter.RoleKey, role)
fmt.Println("MW1", err) tokenCookie := ctx.Cookies(jwt_adapter.DefaultHeaderKey)
if err != nil { if tokenCookie == "" {
// Escape GET requests if ctx.Method() == "GET" {
if r.Method == http.MethodGet { return ctx.Next()
next.ServeHTTP(w, r.WithContext(ctx))
return
} }
headerToken := ctx.Get(jwt_adapter.DefaultHeaderKey)
fmt.Println("MW2", jwt_adapter.DefaultHeaderKey, r.Header[jwt_adapter.DefaultHeaderKey]) if headerToken == "" || !strings.HasPrefix(headerToken, "Bearer") {
if len(r.Header[jwt_adapter.DefaultHeaderKey]) <= 0 || !func(hdrs []string) bool { if ctx.Get(sessionKey) == "" {
if len(hdrs) == 0 {return false} sessCookie := ctx.Cookies(sessionKey)
fmt.Println("SS", hdrs[0]) if sessCookie == "" {
if hdrs[0] == "Bearer" || hdrs[0] == "Bearer " {
return false
}
return true
}(r.Header[jwt_adapter.DefaultHeaderKey]) {
fmt.Println("MW3", r.Header[sessionKey], sessionKey, r.Header)
if len(r.Header[sessionKey]) == 0 {
if sessCookie, err := r.Cookie(sessionKey); err != nil {
id := xid.New().String() id := xid.New().String()
adapter = &jwt_adapter.JwtAdapter{Id: id} adapter = &jwt_adapter.JwtAdapter{Id: id}
http.SetCookie(w, &http.Cookie{ ctx.Cookie(&fiber.Cookie{
Name: sessionKey, Name: sessionKey,
Value: id, Value: id,
Expires: time.Now().Add(time.Hour * 24 * 30), Expires: time.Now().Add(time.Hour * 24 * 30),
SameSite: http.SameSiteNoneMode, SameSite: fiber.CookieSameSiteNoneMode,
Secure: true, Secure: true,
}) })
fmt.Println("SSS", sessCookie, err)
} else { } else {
fmt.Println("SSS1", sessCookie.Value, err) adapter = &jwt_adapter.JwtAdapter{Id: sessCookie}
adapter = &jwt_adapter.JwtAdapter{Id: sessCookie.Value}
} }
} else { } else {
adapter = &jwt_adapter.JwtAdapter{Id: r.Header[sessionKey][0]} adapter = &jwt_adapter.JwtAdapter{Id: ctx.Get(sessionKey)}
} }
} else { } else {
token = r.Header[jwt_adapter.DefaultHeaderKey][0] token = strings.Replace(headerToken, "Bearer ", "", -1)
token = strings.Replace(token, "Bearer ", "", -1)
} }
} else { } else {
token = tokenCookie.Value token = tokenCookie
} }
if adapter == nil { if adapter == nil {
adapter, err = jwt_adapter.Decode(token) adapter, err = jwt_adapter.Decode(token)
if err != nil { if err != nil {
mw.logger.Emit(ErrorJwtAccess{Err: err}) mw.logger.Emit(ErrorJwtAccess{Err: err})
w.WriteHeader(http.StatusUnauthorized) return ctx.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
return
} }
} }
err = setJwtHeader(adapter, w, mw.logger) err = setJwtHeader(adapter, ctx.Response(), mw.logger)
if err != nil { if err != nil {
mw.logger.Emit(ErrorJwtAccess{Err: err}) mw.logger.Emit(ErrorJwtAccess{Err: err})
w.WriteHeader(http.StatusUnauthorized) return ctx.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
return
} }
ctx = context.WithValue(ctx, jwt_adapter.DefaultHeaderKey, adapter) ctx.Locals(jwt_adapter.DefaultHeaderKey, adapter)
next.ServeHTTP(w, r.WithContext(ctx)) return ctx.Next()
})
} }
func getJwtUserId(r *http.Request) (string, error) { func (mw *Middleware) ExtractHostMiddleware(ctx *fiber.Ctx) error {
if jwtAdapter, ok := r.Context().Value(jwt_adapter.DefaultHeaderKey).(*jwt_adapter.JwtAdapter); ok { host := ctx.Get("Referer")
return jwtAdapter.Id, nil if host != "" {
ctx.Locals(HostKey, host)
} }
return ctx.Next()
return "", errors2.New("no token in context")
} }
func (mw *Middleware) MiddlewareRoleAccess(next http.Handler) http.Handler { // todo useless?
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { //func getJwtUserId(r *http.Request) (string, error) {
// Если доступ по роли задан // if jwtAdapter, ok := r.Context().Value(jwt_adapter.DefaultHeaderKey).(*jwt_adapter.JwtAdapter); ok {
if allowedRoles, ok := mw.allowedRoles[r.URL.Path]; ok { // return jwtAdapter.Id, nil
// }
// Если роли не указаны //
if allowedRoles == "" { // return "", errors2.New("no token in context")
next.ServeHTTP(w, r) //}
return //
} //func (mw *Middleware) MiddlewareRoleAccess(next http.Handler) http.Handler {
/* // return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
id, err := getJwtUserId(r) // // Если доступ по роли задан
// if allowedRoles, ok := mw.allowedRoles[r.URL.Path]; ok {
if err != nil { //
mw.logger.Emit(ErrorRoleAccess{Err: err}) // // Если роли не указаны
http.Error(w, "internal server error", http.StatusInternalServerError) // if allowedRoles == "" {
return // next.ServeHTTP(w, r)
}*/ // return
/* // }
role, err := mw.mongo.GetProfileRole(r.Context(), id) // /*
// id, err := getJwtUserId(r)
if err != nil { //
mw.logger.Emit(ErrorRoleAccess{Err: err}) // if err != nil {
http.Error(w, "internal server error", http.StatusInternalServerError) // mw.logger.Emit(ErrorRoleAccess{Err: err})
return // http.Error(w, "internal server error", http.StatusInternalServerError)
} // return
*/ // }*/
// Если у пользователя не задана роль - блокируем доступ // /*
/* if role == "" { // role, err := mw.mongo.GetProfileRole(r.Context(), id)
err = errors.UserHaveNoRole("User have no role") //
mw.logger.Emit(ErrorRoleAccess{err}) // if err != nil {
http.Error(w, err.Error(), http.StatusForbidden) // mw.logger.Emit(ErrorRoleAccess{Err: err})
return // http.Error(w, "internal server error", http.StatusInternalServerError)
} // return
// }
// Если указан астериск - доступ имеет любая роль // */
if !(allowedRoles == "*" || strings.Contains(allowedRoles, role)) { // // Если у пользователя не задана роль - блокируем доступ
err = errors.UserHaveNoRole("User role not allowed") // /* if role == "" {
mw.logger.Emit(ErrorRoleAccess{err}) // err = errors.UserHaveNoRole("User have no role")
http.Error(w, err.Error(), http.StatusForbidden) // mw.logger.Emit(ErrorRoleAccess{err})
return // http.Error(w, err.Error(), http.StatusForbidden)
}*/ // return
} // }
//
next.ServeHTTP(w, r) // // Если указан астериск - доступ имеет любая роль
}) // if !(allowedRoles == "*" || strings.Contains(allowedRoles, role)) {
} // err = errors.UserHaveNoRole("User role not allowed")
// mw.logger.Emit(ErrorRoleAccess{err})
// MiddlewareJwtPlug jwt заглушка для отладки кода, удалить в релизе // http.Error(w, err.Error(), http.StatusForbidden)
/* // return
func (mw *Middleware) MiddlewareJwtPlug(next http.Handler) http.Handler { // }*/
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // }
adapter := jwt_adapter.JwtAdapter{ID: "604b79aced1d431b9e911f56"} //
adapter.Init() // next.ServeHTTP(w, r)
adapter.SetUserID("604b79aced1d431b9e911f56") // })
ctx := context.WithValue(r.Context(), "JWT", &adapter) //}
//
next.ServeHTTP(w, r.WithContext(ctx)) //// MiddlewareJwtPlug jwt заглушка для отладки кода, удалить в релизе
}) ///*
} //func (mw *Middleware) MiddlewareJwtPlug(next http.Handler) http.Handler {
*/ // return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// adapter := jwt_adapter.JwtAdapter{ID: "604b79aced1d431b9e911f56"}
func (mw *Middleware) ExtractHostMiddleware(next http.Handler) http.Handler { // adapter.Init()
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // adapter.SetUserID("604b79aced1d431b9e911f56")
host := r.Header["Referer"][0] // ctx := context.WithValue(r.Context(), "JWT", &adapter)
ctx := context.WithValue(r.Context(), HostKey, host) //
next.ServeHTTP(w, r.WithContext(ctx)) // next.ServeHTTP(w, r.WithContext(ctx))
}) // })
} //}
//*/
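Review bot: The guard in `MiddlewareOriginAccess` is inverted. The old code consulted the allow-list when an Origin header was present, but the new `if origin == "" {` enters the check only when it is absent, and `strings.Contains(mw.allowedOrigins, "")` is always true, so the 403 branch can never run and every origin is passed to `ctx.Next()`; it should read `if origin != "" {`. The `strings.Contains` test is also a substring match against the whole allow-list string, so a partial origin matches; splitting `allowedOrigins` into entries and comparing for equality would be stricter. Separately, `MiddlewareJwt` still sets `role = "admin"` from the client-supplied `Referer` header and stores it under `RoleKey` before any token is decoded, so nothing downstream should treat that value as an authorization decision.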

@ -1,12 +1,12 @@
package middleware package middleware
import ( import (
"heruvym/jwt_adapter" "github.com/gofiber/fiber/v2"
"net/http"
"github.com/themakers/hlog" "github.com/themakers/hlog"
"heruvym/jwt_adapter"
) )
func setJwtHeader(adapter *jwt_adapter.JwtAdapter, w http.ResponseWriter, logger hlog.Logger) error { // todo useless?
func setJwtHeader(adapter *jwt_adapter.JwtAdapter, w *fiber.Response, logger hlog.Logger) error {
return nil return nil
} }

@ -1,39 +1,28 @@
package middleware package middleware
import ( import (
"context" "github.com/gofiber/fiber/v2"
"heruvym/jwt_adapter" "heruvym/jwt_adapter"
"net/http"
) )
func (mw *Middleware) MiddlewareGetJwt(next http.Handler) http.Handler { func (mw *Middleware) MiddlewareGetJwt(c *fiber.Ctx) error {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if c.Method() != fiber.MethodGet {
// Escape non-GET requests return c.Next()
if r.Method != http.MethodGet {
next.ServeHTTP(w, r)
return
} }
ctx := r.Context()
bearer := r.URL.Query().Get(jwt_adapter.DefaultHeaderKey) bearer := c.Query(jwt_adapter.DefaultHeaderKey)
if bearer != "" { if bearer != "" {
adapter, err := jwt_adapter.Decode(bearer) adapter, err := jwt_adapter.Decode(bearer)
if err == nil { if err == nil {
//mw.logger.Emit(ErrorJwtAccess{Err: err}) c.Locals(jwt_adapter.DefaultHeaderKey, adapter)
//w.WriteHeader(http.StatusUnauthorized)
//return
ctx = context.WithValue(r.Context(), jwt_adapter.DefaultHeaderKey, adapter)
//
} }
} else { } else {
sess := r.URL.Query().Get("s") sess := c.Query("s")
if sess == "" { if sess == "" {
return return nil
} }
ctx = context.WithValue(r.Context(), jwt_adapter.DefaultHeaderKey, &jwt_adapter.JwtAdapter{Id: sess}) c.Locals(jwt_adapter.DefaultHeaderKey, &jwt_adapter.JwtAdapter{Id: sess})
} }
next.ServeHTTP(w, r.WithContext(ctx)) return c.Next()
})
} }
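Review bot: In the `sess == ""` branch, `return nil` ends the chain without calling `c.Next()` or setting a status, so a GET with neither a token nor `s` in the query will presumably receive an empty 200. If rejection is intended, make it explicit with `return c.SendStatus(fiber.StatusUnauthorized)`. A failed `jwt_adapter.Decode` is also swallowed and the request continues with nothing in `c.Locals`, which downstream handlers must treat as unauthenticated. Because the token and session id travel in the query string, they end up in anything that records the URL (`MiddlewareLogger` in this commit emits `ctx.OriginalURL()`), so those parameters should be redacted before logging.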