update
This commit is contained in:
@@ -1,41 +1,85 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"os"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
openai "github.com/sashabaranov/go-openai"
|
||||
"github.com/caarlos0/env/v6"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/joho/godotenv"
|
||||
"github.com/sashabaranov/go-openai"
|
||||
|
||||
"gitlab.com/DeveloperDurp/DurpAPI/model"
|
||||
)
|
||||
|
||||
type Controller struct {
|
||||
openaiClient *openai.Client
|
||||
unraidAPIKey string
|
||||
unraidURI string
|
||||
ClientID string
|
||||
ClientSecret string
|
||||
RedirectURL string
|
||||
AuthURL string
|
||||
TokenURL string
|
||||
Cfg model.Config
|
||||
dbcfg model.DBConfig
|
||||
}
|
||||
|
||||
func NewController() *Controller {
|
||||
err := godotenv.Load(".env")
|
||||
if err != nil {
|
||||
log.Fatalf("unable to load file: %e", err)
|
||||
}
|
||||
controller := &Controller{}
|
||||
controller.Cfg = model.Config{}
|
||||
controller.dbcfg = model.DBConfig{}
|
||||
|
||||
openaiApiKey := os.Getenv("OPENAI_API_KEY")
|
||||
unraidAPIKey := os.Getenv("UNRAID_API_KEY")
|
||||
unraidURI := os.Getenv("UNRAID_URI")
|
||||
ClientID := os.Getenv("ClientID")
|
||||
ClientSecret := os.Getenv("ClientSecret")
|
||||
RedirectURL := os.Getenv("RedirectURL")
|
||||
AuthURL := os.Getenv("AuthURL")
|
||||
TokenURL := os.Getenv("TokenURL")
|
||||
err = env.Parse(&controller.Cfg)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to parse environment variables: %e", err)
|
||||
}
|
||||
err = env.Parse(&controller.dbcfg)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to parse database variables: %e", err)
|
||||
}
|
||||
controller.Cfg.OpenaiClient = *openai.NewClient(controller.Cfg.OpenaiApiKey)
|
||||
return controller
|
||||
}
|
||||
|
||||
return &Controller{
|
||||
openaiClient: openai.NewClient(openaiApiKey),
|
||||
unraidAPIKey: unraidAPIKey,
|
||||
unraidURI: unraidURI,
|
||||
ClientID: ClientID,
|
||||
ClientSecret: ClientSecret,
|
||||
RedirectURL: RedirectURL,
|
||||
AuthURL: AuthURL,
|
||||
TokenURL: TokenURL,
|
||||
func (c *Controller) AuthMiddleware(
|
||||
allowedGroups []string,
|
||||
currentGroups string,
|
||||
) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
var groups []string
|
||||
|
||||
if currentGroups != "" {
|
||||
groups = strings.Split(currentGroups, ",")
|
||||
} else {
|
||||
// Get the user groups from the request headers
|
||||
groupsHeader := c.GetHeader("X-authentik-groups")
|
||||
|
||||
// Split the groups header value into individual groups
|
||||
groups = strings.Split(groupsHeader, "|")
|
||||
}
|
||||
|
||||
// Check if the user belongs to any of the allowed groups
|
||||
isAllowed := false
|
||||
for _, allowedGroup := range allowedGroups {
|
||||
for _, group := range groups {
|
||||
if group == allowedGroup {
|
||||
isAllowed = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if isAllowed {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// If the user is not in any of the allowed groups, respond with unauthorized access
|
||||
if !isAllowed {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||||
"message": "Unauthorized access",
|
||||
"groups": groups,
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// Call the next handler
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user