update

main.go

@@ -1,9 +1,9 @@
 package main
 
 import (
-	"context"
 	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 	swaggerFiles "github.com/swaggo/files"
@@ -11,25 +11,12 @@ import (
 	"gitlab.com/DeveloperDurp/DurpAPI/controller"
 	"gitlab.com/DeveloperDurp/DurpAPI/docs"
 	"gitlab.com/DeveloperDurp/DurpAPI/model"
-	"golang.org/x/oauth2"
 )
 
 var (
-	host    = model.Host
-	version = model.Version
-	Conf    = &oauth2.Config{
-		ClientID:     model.ClientID,
-		ClientSecret: model.ClientSecret,
-		RedirectURL:  model.RedirectURL,
-		Scopes: []string{
-			"email",
-			"groups",
-		},
-		Endpoint: oauth2.Endpoint{
-			AuthURL:  model.AuthURL,
-			TokenURL: model.TokenURL,
-		},
-	}
+	host      = model.Host
+	version   = model.Version
+	groupsenv = model.Groupsenv
 )
 
 //	@title			DurpAPI
@@ -37,18 +24,14 @@ var (
 //	@termsOfService	http://swagger.io/terms/
 
 //	@contact.name	API Support
-//	@contact.url	http://www.swagger.io/support
-//	@contact.email	support@swagger.io
+//	@contact.url	https://durp.info
+//	@contact.email	developerdurp@durp.info
 
 //	@license.name	Apache 2.0
 //	@license.url	http://www.apache.org/licenses/LICENSE-2.0.html
 
 //	@BasePath	/api/v1
 
-// @securityDefinitions.apikey ApiKeyAuth
-// @in header
-// @name Authorization
-
 func main() {
 
 	r := gin.Default()
@@ -62,26 +45,19 @@ func main() {
 		{
 			health.GET("getHealth", c.GetHealth)
 		}
-		token := v1.Group("/token")
-		{
-			token.GET("GenerateToken", c.GenerateToken(Conf))
-		}
 		openai := v1.Group("/openai")
 		{
-			//groups = []string{"openai"}
-			//openai.Use(authMiddleware())
+			openai.Use(authMiddleware([]string{"openai"}))
 			openai.GET("general", c.GeneralOpenAI)
 			openai.GET("travelagent", c.TravelAgentOpenAI)
 		}
 		unraid := v1.Group("/unraid")
 		{
-			//groups = []string{"unraid"}
-			//unraid.Use(authMiddleware())
+			unraid.Use(authMiddleware([]string{"unraid"}))
 			unraid.GET("powerusage", c.UnraidPowerUsage)
 		}
 	}
 	r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
-	r.GET("/callback", CallbackHandler(Conf))
 
 	err := r.Run(":8080")
 	if err != nil {
@@ -89,27 +65,46 @@ func main() {
 	}
 }
 
-// CallbackHandler receives the authorization code and exchanges it for a token
-func CallbackHandler(conf *oauth2.Config) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// Get the authorization code from the query parameters
-		code := c.Query("code")
+func authMiddleware(allowedGroups []string) gin.HandlerFunc {
 
-		// Exchange the authorization code for a token
-		token, err := conf.Exchange(context.Background(), code)
-		if err != nil {
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to exchange authorization code"})
+	return func(c *gin.Context) {
+
+		var groups []string
+
+		if groupsenv != "" {
+			groups = strings.Split(groupsenv, ",")
+		} else {
+			// Get the user groups from the request headers
+			groupsHeader := c.GetHeader("X-authentik-groups")
+
+			// Split the groups header value into individual groups
+			groups = strings.Split(groupsHeader, "|")
+		}
+
+		// Check if the user belongs to any of the allowed groups
+		isAllowed := false
+		for _, allowedGroup := range allowedGroups {
+			for _, group := range groups {
+				if group == allowedGroup {
+					isAllowed = true
+					break
+				}
+			}
+			if isAllowed {
+				break
+			}
+		}
+
+		// If the user is not in any of the allowed groups, respond with unauthorized access
+		if !isAllowed {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+				"message": "Unauthorized access",
+				"groups":  groups,
+			})
 			return
 		}
 
-		// Create a response JSON
-		response := gin.H{
-			"access_token":  token.AccessToken,
-			"token_type":    token.TokenType,
-			"refresh_token": token.RefreshToken,
-			"expiry":        token.Expiry,
-		}
-
-		c.JSON(http.StatusOK, response)
+		// Call the next handler
+		c.Next()
 	}
 }