maps-service/pkg/service/security.go

112 lines
2.4 KiB
Go
Raw Normal View History

2024-11-29 13:58:47 -08:00
package service
import (
"context"
2024-12-12 17:29:20 -05:00
"errors"
2024-11-29 13:58:47 -08:00
"git.itzana.me/strafesnet/go-grpc/auth"
2024-12-12 17:29:20 -05:00
"git.itzana.me/strafesnet/maps-service/pkg/api"
2024-11-29 13:58:47 -08:00
)
var (
// ErrMissingSessionID there is no session id
ErrMissingSessionID = errors.New("SessionID missing")
// ErrInvalidSession caller does not have a valid session
ErrInvalidSession = errors.New("Session invalid")
)
type Role int32
2024-11-29 13:58:47 -08:00
var (
// has ScriptWrite
RoleQuat Role = 255
2024-12-10 18:23:23 -08:00
// has SubmissionPublish
RoleMapAdmin Role = 128
2024-12-10 18:23:23 -08:00
// has SubmissionReview
RoleMapCouncil Role = 64
2024-11-29 13:58:47 -08:00
)
type UserInfo struct {
// Would love to know a better way to do this
svc *SecurityHandler
ctx *context.Context
sessionId string
}
2024-12-14 12:01:34 -08:00
func (usr UserInfo) GetUserID() (uint64, error) {
session, err := usr.svc.Client.GetSessionUser(*usr.ctx, &auth.IdMessage{
SessionID: usr.sessionId,
})
if err != nil {
return 0, err
}
return session.UserID, nil
2024-11-29 13:58:47 -08:00
}
func (usr UserInfo) IsSubmitter(submitter uint64) (bool, error) {
userId, err := usr.GetUserID()
if err != nil {
return false, err
}
return userId == submitter, nil
}
func (usr UserInfo) hasRole(role Role) (bool, error) {
roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{
SessionID: usr.sessionId,
})
if err != nil {
return false, err
}
2024-11-29 13:58:47 -08:00
for _, r := range roles.Roles {
if int32(role) <= r.Rank {
return true, nil
}
}
return false, nil
2024-11-29 13:58:47 -08:00
}
// RoleThumbnail
// RoleMapDownload
func (usr UserInfo) HasRoleSubmissionRelease() (bool, error) {
return usr.hasRole(RoleMapAdmin)
}
func (usr UserInfo) HasRoleSubmissionReview() (bool, error) {
return usr.hasRole(RoleMapCouncil)
}
func (usr UserInfo) HasRoleScriptWrite() (bool, error) {
return usr.hasRole(RoleQuat)
}
/// Not implemented
func (usr UserInfo) HasRoleMaptest() (bool, error) {
println("HasRoleMaptest is not implemented!")
return false, nil
2024-11-29 13:58:47 -08:00
}
type SecurityHandler struct {
2024-12-09 20:10:23 -08:00
Client auth.AuthServiceClient
2024-11-29 13:58:47 -08:00
}
2024-12-12 17:29:20 -05:00
func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {
2024-11-29 13:58:47 -08:00
sessionId := t.GetAPIKey()
if sessionId == "" {
return nil, ErrMissingSessionID
}
2024-12-09 20:10:23 -08:00
validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
2024-11-29 13:58:47 -08:00
SessionID: sessionId,
})
2024-12-12 17:29:20 -05:00
if err != nil {
2024-11-29 13:58:47 -08:00
return nil, err
}
2024-12-12 17:29:20 -05:00
if !validate.Valid {
2024-11-29 13:58:47 -08:00
return nil, ErrInvalidSession
}
newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
svc: &svc,
ctx: &ctx,
sessionId: sessionId,
2024-11-29 13:58:47 -08:00
})
return newCtx, nil
}