maps-service/pkg/service/security.go

package service

import (
	"context"
	"errors"
	"git.itzana.me/strafesnet/go-grpc/auth"
	"git.itzana.me/strafesnet/maps-service/pkg/api"
)

var (
	// ErrMissingSessionID there is no session id
	ErrMissingSessionID = errors.New("SessionID missing")
	// ErrInvalidSession caller does not have a valid session
	ErrInvalidSession = errors.New("Session invalid")
)

var (
	// has SubmissionPublish
	RoleMapAdmin int32 = 128
	// has SubmissionReview
	RoleMapCouncil int32 = 64
)

type Roles struct {
	// human roles
	SubmissionRelease bool
	SubmissionReview  bool
	ScriptWrite       bool
	// Thumbnail bool
	// MapDownload

	// automated roles
	Maptest   bool
}

type UserInfo struct {
	Roles  Roles
	UserID uint64
}

func (usr UserInfo) IsSubmitter(submitter uint64) bool {
	return usr.UserID == submitter
}

type SecurityHandler struct {
	Client auth.AuthServiceClient
}

func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {
	sessionId := t.GetAPIKey()
	if sessionId == "" {
		return nil, ErrMissingSessionID
	}

	session, err := svc.Client.GetSessionUser(ctx, &auth.IdMessage{
		SessionID: sessionId,
	})
	if err != nil {
		return nil, err
	}

	role, err := svc.Client.GetGroupRole(ctx, &auth.IdMessage{
		SessionID: sessionId,
	})
	if err != nil {
		return nil, err
	}

	validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
		SessionID: sessionId,
	})
	if err != nil {
		return nil, err
	}
	if !validate.Valid {
		return nil, ErrInvalidSession
	}

	roles := Roles{}

	// fix this when roblox udpates group roles
	for _, r := range role.Roles {
		if RoleMapAdmin <= r.Rank {
			roles.SubmissionRelease = true
		}
		if RoleMapCouncil <= r.Rank {
			roles.SubmissionReview = true
		}
	}

	newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
		Roles:  roles,
		UserID: session.UserID,
	})

	return newCtx, nil
}
auth 2024-11-29 21:58:47 +00:00			`package service`

			`import (`
			`"context"`
Unquatification 2024-12-12 22:29:20 +00:00			`"errors"`
auth 2024-11-29 21:58:47 +00:00			`"git.itzana.me/strafesnet/go-grpc/auth"`
Unquatification 2024-12-12 22:29:20 +00:00			`"git.itzana.me/strafesnet/maps-service/pkg/api"`
auth 2024-11-29 21:58:47 +00:00			`)`

			`var (`
			`// ErrMissingSessionID there is no session id`
			`ErrMissingSessionID = errors.New("SessionID missing")`
			`// ErrInvalidSession caller does not have a valid session`
			`ErrInvalidSession = errors.New("Session invalid")`
			`)`

			`var (`
fix roles 2024-12-11 02:23:23 +00:00			`// has SubmissionPublish`
Unquatification 2024-12-12 22:29:20 +00:00			`RoleMapAdmin int32 = 128`
fix roles 2024-12-11 02:23:23 +00:00			`// has SubmissionReview`
			`RoleMapCouncil int32 = 64`
auth 2024-11-29 21:58:47 +00:00			`)`

			`type Roles struct {`
tweak roles 2024-12-06 03:10:01 +00:00			`// human roles`
submissions: refactor publishing model 2024-12-14 12:06:49 +00:00			`SubmissionRelease bool`
Unquatification 2024-12-12 22:29:20 +00:00			`SubmissionReview bool`
			`ScriptWrite bool`
roles: potential future roles 2024-12-14 20:01:34 +00:00			`// Thumbnail bool`
			`// MapDownload`

tweak roles 2024-12-06 03:10:01 +00:00			`// automated roles`
Unquatification 2024-12-12 22:29:20 +00:00			`Maptest bool`
auth 2024-11-29 21:58:47 +00:00			`}`

			`type UserInfo struct {`
Unquatification 2024-12-12 22:29:20 +00:00			`Roles Roles`
userids and asset ids are uint64 2024-12-11 03:18:04 +00:00			`UserID uint64`
auth 2024-11-29 21:58:47 +00:00			`}`

Unquatification 2024-12-12 22:29:20 +00:00			`func (usr UserInfo) IsSubmitter(submitter uint64) bool {`
auth 2024-11-29 21:58:47 +00:00			`return usr.UserID == submitter`
			`}`

			`type SecurityHandler struct {`
produce less garbage 2024-12-10 04:10:23 +00:00			`Client auth.AuthServiceClient`
auth 2024-11-29 21:58:47 +00:00			`}`

Unquatification 2024-12-12 22:29:20 +00:00			`func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {`
auth 2024-11-29 21:58:47 +00:00			`sessionId := t.GetAPIKey()`
			`if sessionId == "" {`
			`return nil, ErrMissingSessionID`
			`}`

produce less garbage 2024-12-10 04:10:23 +00:00			`session, err := svc.Client.GetSessionUser(ctx, &auth.IdMessage{`
auth 2024-11-29 21:58:47 +00:00			`SessionID: sessionId,`
			`})`
Unquatification 2024-12-12 22:29:20 +00:00			`if err != nil {`
auth 2024-11-29 21:58:47 +00:00			`return nil, err`
			`}`

produce less garbage 2024-12-10 04:10:23 +00:00			`role, err := svc.Client.GetGroupRole(ctx, &auth.IdMessage{`
auth 2024-11-29 21:58:47 +00:00			`SessionID: sessionId,`
			`})`
Unquatification 2024-12-12 22:29:20 +00:00			`if err != nil {`
auth 2024-11-29 21:58:47 +00:00			`return nil, err`
			`}`

produce less garbage 2024-12-10 04:10:23 +00:00			`validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{`
auth 2024-11-29 21:58:47 +00:00			`SessionID: sessionId,`
			`})`
Unquatification 2024-12-12 22:29:20 +00:00			`if err != nil {`
auth 2024-11-29 21:58:47 +00:00			`return nil, err`
			`}`
Unquatification 2024-12-12 22:29:20 +00:00			`if !validate.Valid {`
auth 2024-11-29 21:58:47 +00:00			`return nil, ErrInvalidSession`
			`}`

			`roles := Roles{}`

			`// fix this when roblox udpates group roles`
Unquatification 2024-12-12 22:29:20 +00:00			`for _, r := range role.Roles {`
			`if RoleMapAdmin <= r.Rank {`
submissions: refactor publishing model 2024-12-14 12:06:49 +00:00			`roles.SubmissionRelease = true`
auth 2024-11-29 21:58:47 +00:00			`}`
Unquatification 2024-12-12 22:29:20 +00:00			`if RoleMapCouncil <= r.Rank {`
tweak roles 2024-12-06 03:10:01 +00:00			`roles.SubmissionReview = true`
auth 2024-11-29 21:58:47 +00:00			`}`
			`}`

			`newCtx := context.WithValue(ctx, "UserInfo", UserInfo{`
Unquatification 2024-12-12 22:29:20 +00:00			`Roles: roles,`
userids and asset ids are uint64 2024-12-11 03:18:04 +00:00			`UserID: session.UserID,`
auth 2024-11-29 21:58:47 +00:00			`})`

			`return newCtx, nil`
			`}`