legalgo-BE-go/internal/api/http/middleware/auth/authorize.go

package authmiddleware

// import (
// 	"context"
// 	"fmt"
// 	"net/http"
// 	"strings"

// 	redisaccessor "legalgo-BE-go/internal/accessor/redis"
// 	contextkeyenum "legalgo-BE-go/internal/enums/context_key"
// 	jwtclaimenum "legalgo-BE-go/internal/enums/jwt"
// 	resourceenum "legalgo-BE-go/internal/enums/resource"
// 	"legalgo-BE-go/internal/services/auth"
// 	"github.com/golang-jwt/jwt/v5"
// )

// const SessionHeader = "Authorization"

// func Authorization() func(next http.Handler) http.Handler {
// 	return func(next http.Handler) http.Handler {
// 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// 			ctx := r.Context()

// 			tokenString, err := GetToken(r)
// 			if err != nil {
// 				RespondWithError(w, r, err, "Invalid auth header")
// 				return
// 			}

// 			token, err := ValidateToken(ctx, tokenString)
// 			if err != nil {
// 				RespondWithError(w, r, err, err.Error())
// 				return
// 			}

// 			if isAuthorized, ctx := VerifyClaims(ctx, token, nil); !isAuthorized {
// 				RespondWithError(w, r, errorcode.ErrCodeUnauthorized, errorcode.ErrCodeUnauthorized.Message)
// 				return
// 			} else {
// 				next.ServeHTTP(w, r.WithContext(ctx))
// 				return
// 			}
// 		})
// 	}
// }

// func GetToken(r *http.Request) (string, error) {
// 	tokenString := GetTokenFromHeader(r)
// 	if tokenString == "" {
// 		tokenString = getTokenFromQuery(r)
// 	}

// 	if tokenString == "" {
// 		return "", fmt.Errorf("token not found")
// 	}

// 	return tokenString, nil
// }

// func GetTokenFromHeader(r *http.Request) string {
// 	session := r.Header.Get(SessionHeader)
// 	arr := strings.Split(session, " ")

// 	if len(arr) != 2 || strings.ToUpper(arr[0]) != "BEARER" {
// 		return ""
// 	}

// 	return arr[1]
// }

// func getTokenFromQuery(r *http.Request) string {
// 	token := r.URL.Query().Get("token")
// 	return token
// }

// func VerifyClaims(ctx context.Context, token *jwt.Token,
// 	requiredResources []resourceenum.Resource) (bool, context.Context) {
// 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
// 		rawResources := []interface{}{}
// 		if claimValue, exist := claims[string(jwtclaimenum.RESOURCES)]; exist {
// 			rawResources = claimValue.([]interface{})
// 		}

// 		resources := []resourceenum.Resource{}
// 		resourceMap := map[string]bool{}

// 		for _, v := range rawResources {
// 			value := v.(string)
// 			resources = append(resources, resourceenum.Resource(value))
// 			resourceMap[value] = true
// 		}

// 		ctx = context.WithValue(ctx, contextkeyenum.Authorization, UserAuthorization{
// 			Type:      claims[string(jwtclaimenum.TYPE)].(string),
// 			UserId:    claims[string(jwtclaimenum.AUDIENCE)].(string),
// 			Username:  claims[string(jwtclaimenum.USERNAME)].(string),
// 			Resources: resources,
// 		})

// 		isResourceFulfilled := false

// 		for _, v := range requiredResources {
// 			if _, ok := resourceMap[string(v)]; ok {
// 				isResourceFulfilled = true
// 				ctx = context.WithValue(ctx, contextkeyenum.Resource, v)

// 				break
// 			}
// 		}

// 		if isResourceFulfilled || len(requiredResources) == 0 {
// 			return true, ctx
// 		}
// 	}

// 	return false, nil
// }

// func ValidateToken(ctx context.Context, tokenString string) (*jwt.Token, error) {
// 	redisClient := redisaccessor.Get()
// 	redisToken, err := redisClient.Exists(ctx, fmt.Sprintf("%s:%s", auth.BLACKLISTED_TOKEN_KEY, tokenString)).Result()

// 	if err != nil || redisToken > 0 {
// 		return nil, fmt.Errorf("session already expired")
// 	}

// 	token, err := jwt.Parse(tokenString, authsvc.VerifyToken(conf.JWTAccessToken))
// 	if err != nil {
// 		if ve, ok := err.(*jwt.ValidationError); ok {
// 			if ve.Errors&jwt.ValidationErrorExpired != 0 {
// 				err = errorcode.ErrCodeExpiredToken
// 			}
// 		}
// 		return nil, err
// 	}

// 	return token, nil
// }
feat: CR login, register, subscribe 2025-02-24 16:48:20 +08:00			`package authmiddleware`

			`// import (`
			`// "context"`
			`// "fmt"`
			`// "net/http"`
			`// "strings"`

refactor: update module name and adjust import paths to legalgo-BE-go 2025-02-27 07:25:25 +08:00			`// redisaccessor "legalgo-BE-go/internal/accessor/redis"`
			`// contextkeyenum "legalgo-BE-go/internal/enums/context_key"`
			`// jwtclaimenum "legalgo-BE-go/internal/enums/jwt"`
			`// resourceenum "legalgo-BE-go/internal/enums/resource"`
			`// "legalgo-BE-go/internal/services/auth"`
feat: CR login, register, subscribe 2025-02-24 16:48:20 +08:00			`// "github.com/golang-jwt/jwt/v5"`
			`// )`

			`// const SessionHeader = "Authorization"`

			`// func Authorization() func(next http.Handler) http.Handler {`
			`// return func(next http.Handler) http.Handler {`
			`// return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// ctx := r.Context()`

			`// tokenString, err := GetToken(r)`
			`// if err != nil {`
			`// RespondWithError(w, r, err, "Invalid auth header")`
			`// return`
			`// }`

			`// token, err := ValidateToken(ctx, tokenString)`
			`// if err != nil {`
			`// RespondWithError(w, r, err, err.Error())`
			`// return`
			`// }`

			`// if isAuthorized, ctx := VerifyClaims(ctx, token, nil); !isAuthorized {`
			`// RespondWithError(w, r, errorcode.ErrCodeUnauthorized, errorcode.ErrCodeUnauthorized.Message)`
			`// return`
			`// } else {`
			`// next.ServeHTTP(w, r.WithContext(ctx))`
			`// return`
			`// }`
			`// })`
			`// }`
			`// }`

			`// func GetToken(r *http.Request) (string, error) {`
			`// tokenString := GetTokenFromHeader(r)`
			`// if tokenString == "" {`
			`// tokenString = getTokenFromQuery(r)`
			`// }`

			`// if tokenString == "" {`
			`// return "", fmt.Errorf("token not found")`
			`// }`

			`// return tokenString, nil`
			`// }`

			`// func GetTokenFromHeader(r *http.Request) string {`
			`// session := r.Header.Get(SessionHeader)`
			`// arr := strings.Split(session, " ")`

			`// if len(arr) != 2 \|\| strings.ToUpper(arr[0]) != "BEARER" {`
			`// return ""`
			`// }`

			`// return arr[1]`
			`// }`

			`// func getTokenFromQuery(r *http.Request) string {`
			`// token := r.URL.Query().Get("token")`
			`// return token`
			`// }`

			`// func VerifyClaims(ctx context.Context, token *jwt.Token,`
			`// requiredResources []resourceenum.Resource) (bool, context.Context) {`
			`// if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {`
			`// rawResources := []interface{}{}`
			`// if claimValue, exist := claims[string(jwtclaimenum.RESOURCES)]; exist {`
			`// rawResources = claimValue.([]interface{})`
			`// }`

			`// resources := []resourceenum.Resource{}`
			`// resourceMap := map[string]bool{}`

			`// for _, v := range rawResources {`
			`// value := v.(string)`
			`// resources = append(resources, resourceenum.Resource(value))`
			`// resourceMap[value] = true`
			`// }`

			`// ctx = context.WithValue(ctx, contextkeyenum.Authorization, UserAuthorization{`
			`// Type: claims[string(jwtclaimenum.TYPE)].(string),`
			`// UserId: claims[string(jwtclaimenum.AUDIENCE)].(string),`
			`// Username: claims[string(jwtclaimenum.USERNAME)].(string),`
			`// Resources: resources,`
			`// })`

			`// isResourceFulfilled := false`

			`// for _, v := range requiredResources {`
			`// if _, ok := resourceMap[string(v)]; ok {`
			`// isResourceFulfilled = true`
			`// ctx = context.WithValue(ctx, contextkeyenum.Resource, v)`

			`// break`
			`// }`
			`// }`

			`// if isResourceFulfilled \|\| len(requiredResources) == 0 {`
			`// return true, ctx`
			`// }`
			`// }`

			`// return false, nil`
			`// }`

			`// func ValidateToken(ctx context.Context, tokenString string) (*jwt.Token, error) {`
			`// redisClient := redisaccessor.Get()`
			`// redisToken, err := redisClient.Exists(ctx, fmt.Sprintf("%s:%s", auth.BLACKLISTED_TOKEN_KEY, tokenString)).Result()`

			`// if err != nil \|\| redisToken > 0 {`
			`// return nil, fmt.Errorf("session already expired")`
			`// }`

			`// token, err := jwt.Parse(tokenString, authsvc.VerifyToken(conf.JWTAccessToken))`
			`// if err != nil {`
			`// if ve, ok := err.(*jwt.ValidationError); ok {`
			`// if ve.Errors&jwt.ValidationErrorExpired != 0 {`
			`// err = errorcode.ErrCodeExpiredToken`
			`// }`
			`// }`
			`// return nil, err`
			`// }`

			`// return token, nil`
			`// }`