admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e95dcd0153614ba2bc7553c709b1aca2120e274
honeyDueAPI/internal/middleware/admin_auth.go
Trey t 469f21a833 Add PDF reports, file uploads, admin auth, and comprehensive tests 
Features:
- PDF service for generating task reports with ReportLab-style formatting
- Storage service for file uploads (local and S3-compatible)
- Admin authentication middleware with JWT support
- Admin user model and repository

Infrastructure:
- Updated Docker configuration for admin panel builds
- Email service enhancements for task notifications
- Updated router with admin and file upload routes
- Environment configuration updates

Tests:
- Unit tests for handlers (auth, residence, task)
- Unit tests for models (user, residence, task)
- Unit tests for repositories (user, residence, task)
- Unit tests for services (residence, task)
- Integration test setup
- Test utilities for mocking database and services

Database:
- Admin user seed data
- Updated test data seeds

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-27 23:36:20 -06:00

130 lines
3.6 KiB
Go
Raw Blame History

package middleware
import (
"errors"
"net/http"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/treytartt/mycrib-api/internal/config"
"github.com/treytartt/mycrib-api/internal/models"
"github.com/treytartt/mycrib-api/internal/repositories"
)
const (
// AdminUserKey is the context key for the authenticated admin user
AdminUserKey = "admin_user"
// AdminClaimsKey is the context key for JWT claims
AdminClaimsKey = "admin_claims"
)
// AdminClaims represents the JWT claims for admin authentication
type AdminClaims struct {
AdminID uint `json:"admin_id"`
Email string `json:"email"`
Role models.AdminRole `json:"role"`
jwt.RegisteredClaims
}
// AdminAuthMiddleware creates a middleware that validates admin JWT tokens
func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminRepository) gin.HandlerFunc {
return func(c *gin.Context) {
// Get token from Authorization header
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
return
}
// Check Bearer prefix
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid authorization header format"})
return
}
tokenString := parts[1]
// Parse and validate token
claims := &AdminClaims{}
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
// Validate signing method
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, errors.New("invalid signing method")
}
return []byte(cfg.Security.SecretKey), nil
})
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
return
}
if !token.Valid {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token is not valid"})
return
}
// Get admin user from database
admin, err := adminRepo.FindByID(claims.AdminID)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin user not found"})
return
}
// Check if admin is active
if !admin.IsActive {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin account is disabled"})
return
}
// Store admin and claims in context
c.Set(AdminUserKey, admin)
c.Set(AdminClaimsKey, claims)
c.Next()
}
}
// GenerateAdminToken creates a new JWT token for an admin user
func GenerateAdminToken(admin *models.AdminUser, cfg *config.Config) (string, error) {
// Token expires in 24 hours
expirationTime := time.Now().Add(24 * time.Hour)
claims := &AdminClaims{
AdminID: admin.ID,
Email: admin.Email,
Role: admin.Role,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(expirationTime),
IssuedAt: jwt.NewNumericDate(time.Now()),
Subject: admin.Email,
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(cfg.Security.SecretKey))
}
// RequireSuperAdmin middleware requires the admin to have super_admin role
func RequireSuperAdmin() gin.HandlerFunc {
return func(c *gin.Context) {
admin, exists := c.Get(AdminUserKey)
if !exists {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin authentication required"})
return
}
adminUser := admin.(*models.AdminUser)
if !adminUser.IsSuperAdmin() {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Super admin privileges required"})
return
}
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink