53 lines
1.6 KiB
Go
53 lines
1.6 KiB
Go
package middleware
|
|
|
|
import (
|
|
"fmt"
|
|
castCtrl "github.com/ente-io/museum/pkg/controller/cast"
|
|
"github.com/ente-io/museum/pkg/utils/auth"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/patrickmn/go-cache"
|
|
"net/http"
|
|
)
|
|
|
|
// CastMiddleware intercepts and authenticates incoming requests
|
|
type CastMiddleware struct {
|
|
Cache *cache.Cache
|
|
CastCtrl *castCtrl.Controller
|
|
}
|
|
|
|
// CastAuthMiddleware returns a middle ware that extracts the `X-AuthToken`
|
|
// within the header of a request and uses it to authenticate and insert the
|
|
// authenticated user to the request's `X-Auth-User-ID` field.
|
|
// If isJWT is true we use JWT token validation
|
|
func (m *CastMiddleware) CastAuthMiddleware() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
token := auth.GetCastToken(c)
|
|
if token == "" {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "cast access token missing"})
|
|
return
|
|
}
|
|
app := auth.GetApp(c)
|
|
cacheKey := fmt.Sprintf("%s:%s:%s", app, token, "cast")
|
|
cachedCastCtx, found := m.Cache.Get(cacheKey)
|
|
if !found {
|
|
castCtx, err := m.CastCtrl.GetCollectionAndCasterIDForToken(c, token)
|
|
if err != nil {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
|
|
return
|
|
}
|
|
c.Set(auth.CastContext, castCtx)
|
|
m.Cache.Set(cacheKey, *castCtx, cache.DefaultExpiration)
|
|
c.Set(auth.CastContext, *castCtx)
|
|
} else {
|
|
c.Set(auth.CastContext, cachedCastCtx)
|
|
// validate async validate that the token is still active
|
|
go func() {
|
|
_, err := m.CastCtrl.GetCollectionAndCasterIDForToken(c, token)
|
|
if err != nil {
|
|
m.Cache.Delete(cacheKey)
|
|
}
|
|
}()
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|