diff --git a/main.go b/main.go index d363411..fe35bf7 100644 --- a/main.go +++ b/main.go @@ -19,8 +19,6 @@ import ( "gitlab.com/DeveloperDurp/DurpAPI/docs" ) -// var groupsenv = os.Getenv("groups") - // @title DurpAPI // @description API for Durp's needs // @termsOfService http://swagger.io/terms/ @@ -53,14 +51,11 @@ func main() { jokes := v1.Group("/jokes") { jokes.GET("dadjoke", c.GetDadJoke) - - //jokes.Use(authMiddleware([]string{"rw-jokes"})) jokes.POST("dadjoke", c.PostDadJoke) jokes.DELETE("dadjoke", c.DeleteDadJoke) } openai := v1.Group("/openai") { - //openai.Use(authMiddleware([]string{"openai"})) openai.GET("general", c.GeneralOpenAI) openai.GET("travelagent", c.TravelAgentOpenAI) } @@ -76,130 +71,4 @@ func main() { if err != nil { fmt.Println("Failed to start server") } -} - -func authMiddleware(allowedGroups []string) gin.HandlerFunc { - return func(c *gin.Context) { - var groups []string - JwksURL := os.Getenv("jwksurl") - tokenString := c.GetHeader("Authorization") - if tokenString != "" { - tokenString = strings.TrimPrefix(tokenString, "Bearer ") - - ctx, cancel := context.WithCancel(context.Background()) - - options := keyfunc.Options{ - Ctx: ctx, - RefreshErrorHandler: func(err error) { - log.Printf("There was an error with the jwt.Keyfunc\nError: %s", err.Error()) - }, - RefreshInterval: time.Hour, - RefreshRateLimit: time.Minute * 5, - RefreshTimeout: time.Second * 10, - RefreshUnknownKID: true, - } - - jwks, err := keyfunc.Get(JwksURL, options) - if err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "Failed to create JWKS: " + err.Error(), - }) - cancel() - jwks.EndBackground() - return - } - - token, err := jwt.Parse(tokenString, jwks.Keyfunc) - if err != nil { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": err.Error(), - }) - cancel() - jwks.EndBackground() - return - } - - if !token.Valid { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "Invalid Token: " + err.Error(), - }) - cancel() - jwks.EndBackground() - return - } - - cancel() - jwks.EndBackground() - - claims, ok := token.Claims.(jwt.MapClaims) - if !ok { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "Invalid authorization token claims", - }) - return - } - - groupsClaim, ok := claims["groups"].([]interface{}) - if !ok { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "Missing or invalid groups claim in the authorization token", - }) - return - } - - for _, group := range groupsClaim { - if groupName, ok := group.(string); ok { - groups = append(groups, groupName) - } - } - } else { - groupsHeader := c.GetHeader("X-Authentik-Groups") - - if groupsHeader == "" { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "No token or groups detected", - }) - return - } - - requestHeaders := c.Request.Header - for key, values := range requestHeaders { - for _, value := range values { - println(key + ": " + value) - } - } - - // Dump response headers - responseHeaders := c.Writer.Header() - for key, values := range responseHeaders { - for _, value := range values { - println(key + ": " + value) - } - } - groups = strings.Split(groupsHeader, "|") - } - - isAllowed := false - for _, allowedGroup := range allowedGroups { - for _, group := range groups { - if group == allowedGroup { - isAllowed = true - break - } - } - if isAllowed { - break - } - } - - if !isAllowed { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ - "message": "Unauthorized access", - "groups": groups, - }) - return - } - - c.Next() - } -} +} \ No newline at end of file