1package routes
2
3import (
4 "github.com/go-chi/chi/v5"
5 "github.com/icyphox/bild/db"
6 auth "github.com/icyphox/bild/routes/auth"
7 "log"
8 "net/http"
9)
10
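// AccessLevel returns middleware that forwards a request to next only when the
// session user holds at least the given level on the repository named by the
// "user" and "name" URL parameters.
//
// An owner handle that auth.ResolveIdent cannot resolve is answered with 404.
// A session that cannot be loaded, a session without a non-empty string "did",
// a failed access-level lookup, or a level below the required one is answered
// with 401 and never reaches next (the middleware fails closed).
func (h *Handle) AccessLevel(level db.Level) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			repoOwnerHandle := chi.URLParam(r, "user")
			repoOwner, err := auth.ResolveIdent(r.Context(), repoOwnerHandle)
			if err != nil {
				log.Println("invalid did")
				http.Error(w, "invalid did", http.StatusNotFound)
				return
			}
			repoName := chi.URLParam(r, "name")

			// The session error used to be discarded. Deny before touching the
			// session value, which may be unusable when loading failed.
			session, err := h.s.Get(r, "bild-session")
			if err != nil {
				log.Printf("unauthorized access: session unavailable for %q/%q: %v", repoOwnerHandle, repoName, err)
				http.Error(w, "Forbidden", http.StatusUnauthorized)
				return
			}

			// Checked assertion: a request without a logged-in session has no
			// "did" value, and the unchecked form panicked inside the handler
			// instead of denying the request.
			did, ok := session.Values["did"].(string)
			if !ok || did == "" {
				log.Printf("unauthorized access: no did in session accessing %q/%q", repoOwnerHandle, repoName)
				http.Error(w, "Forbidden", http.StatusUnauthorized)
				return
			}

			// NOTE(review): the body says "Forbidden" but the status is 401; kept
			// as is because callers may depend on it. Confirm whether 403 is the
			// intended status for an authenticated user with too low a level.
			userLevel, err := h.db.GetAccessLevel(did, repoOwner.DID.String(), repoName)
			if err != nil {
				// A failed lookup is treated as "no access" and logged with its
				// cause so it is not mistaken for an ordinary denial.
				log.Printf("unauthorized access: %q accessing %q/%q: access level lookup failed: %v", did, repoOwnerHandle, repoName, err)
				http.Error(w, "Forbidden", http.StatusUnauthorized)
				return
			}
			if userLevel < level {
				// %q keeps request-supplied path parameters on one escaped log
				// line, so they cannot break up or forge log entries.
				log.Printf("unauthorized access: %q accessing %q/%q", did, repoOwnerHandle, repoName)
				log.Printf("wanted level: %s, got level %s", level.String(), userLevel.String())
				http.Error(w, "Forbidden", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}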