diff --git a/api/middleware/authentication.go b/api/middleware/authentication.go
index 1033ac7..b528bb2 100644
--- a/api/middleware/authentication.go
+++ b/api/middleware/authentication.go
@@ -33,13 +33,9 @@ func AddJwtHeaders(next http.Handler) http.Handler {
 var cookies string
 ctx := withCookies(request.Context(), cookies)
- // this example passes all request.Cookies
- // to `ToSession` function
- //
- // However, you can pass only the value of
- // ory_session_projectid cookie to the endpoint
 cookies = request.Header.Get("Cookie")
 tokenString := request.Header.Get("Authorization")
+
 // remove the Bearer prefix
 // and parse the token
 parser := &jwt.Parser{
@@ -48,24 +44,18 @@ func AddJwtHeaders(next http.Handler) http.Handler {
 SkipClaimsValidation: true,
 }
 tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
- userId, err := parser.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
- //fmt.Println("claims: " + token.Claims.(jwt.MapClaims)["sub"])
- claims := token.Claims.(jwt.MapClaims)
- // You can now extract any data from the token's payload
- return claims["sub"], nil
- })
- user_id := fmt.Sprintf("%v", userId)
+ var claims jwt.MapClaims
+ _, _, err := parser.ParseUnverified(tokenString, &claims)
 if err != nil {
 fmt.Println("Error parsing token! but that is ok")
- // can fail if the token is invalid but we don't want to validate it here for now
- //return
+ fmt.Println(err)
+ return
 }
- //TODO: Delete this line
- fmt.Println("request userId: %s" + user_id)
- ctx = withUser(ctx, user_id)
+ userId := claims["sub"].(string)
+
+ ctx = withUser(ctx, userId)
- //ctx = withSession(ctx, session)
- request.Header.Set("user-id", fmt.Sprintf("%v", user_id))
+ request.Header.Set("user-id", userId)
 // continue to the requested page (in our case the Dashboard)
 next.ServeHTTP(writer, request.WithContext(ctx))
diff --git a/api/middleware/dumbauthz.go b/api/middleware/dumbauthz.go
index c37c2cc..3acf4b5 100644
--- a/api/middleware/dumbauthz.go
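Review bot: In this hunk's surviving lines `ctx := withCookies(request.Context(), cookies)` runs while `cookies` still holds its zero value; the header is only read on the next kept line, `cookies = request.Header.Get("Cookie")`, so withCookies always receives an empty string. Since the commit edits exactly this stretch, reorder it so the read comes first: `cookies := request.Header.Get("Cookie")` followed by `ctx := withCookies(request.Context(), cookies)`, dropping the separate `var cookies string`. AddJwtHeaders starts before this hunk.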
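Review bot: `parser.ParseUnverified` decodes the token without checking its signature, and the next new lines trust `claims["sub"]` to set the user in the context and in the `user-id` header, so whoever can send a self-made JWT chooses their own identity; unless an upstream component verifies the signature before this middleware (nothing on the page shows one), parse with `ParseWithClaims` and the application's key function here, and note that the `SkipClaimsValidation: true` context line still leaves expiry unchecked. The new `userId := claims["sub"].(string)` is a single-value type assertion that panics on a token with a missing or non-string `sub`, and the new `return` on a parse error leaves the handler without writing a response, so the client gets an empty 200 instead of a 401. A rewrite of this stretch that verifies, checks the assertion and answers 401 on both failures is below; the handler continues outside the hunk.
```go
	var claims jwt.MapClaims
	// keyFunc is a placeholder for the application's jwt.Keyfunc (signing key / JWKS lookup).
	if _, err := parser.ParseWithClaims(tokenString, &claims, keyFunc); err != nil {
		http.Error(writer, "invalid token", http.StatusUnauthorized)
		return
	}
	sub, ok := claims["sub"].(string)
	if !ok || sub == "" {
		http.Error(writer, "token has no subject", http.StatusUnauthorized)
		return
	}
	ctx = withUser(ctx, sub)
	request.Header.Set("user-id", sub)
	// … unchanged: next.ServeHTTP(writer, request.WithContext(ctx)) …
```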
+++ b/api/middleware/dumbauthz.go
@@ -22,11 +22,11 @@ func NewAuthzMiddleware(db *bun.DB) *AuthzMiddleware {
 func (k *AuthzMiddleware) CheckAuthz(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // Check if the user-id header is set
- userId, ok := r.Context().Value("user-id").(int64)
+ userId, ok := r.Context().Value("user-id").(string)
 if !ok {
- fmt.Println("User id not found in context. Failing Authz.")
- http.Redirect(w, r, "error", 234)
- w.Header().Set("location", "error")
+ fmt.Println("User is new, redirecting to new user page")
+ http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
+ w.Header().Set("location", "/newuser")
 return
 }
 fmt.Println("Checking if user is new...")
@@ -35,8 +35,8 @@ func (k *AuthzMiddleware) CheckAuthz(next http.Handler) http.Handler {
 if err != nil {
 fmt.Println("User is new, redirecting to new user page")
- http.Redirect(w, r, "newuser", 234)
- w.Header().Set("location", "newuser")
+ http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
+ w.Header().Set("location", "/newuser")
 return
 }
 org, err := user.GetOrgByOwnerId(userId, k.db)
diff --git a/api/middleware/newuser.go b/api/middleware/newuser.go
index 8e72aad..d9b562c 100644
--- a/api/middleware/newuser.go
+++ b/api/middleware/newuser.go
@@ -20,7 +20,7 @@ func NewUserMiddleware(db *bun.DB) *UserMiddleware {
 func (k *UserMiddleware) NewUserMiddlewareCheck(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- userId := r.Context().Value("user-id").(int64)
+ userId := r.Context().Value("user-id").(string)
 fmt.Println("Checking if user is new... %i", userId)
 // Check database for user
 _, err := user.GetUserForId(userId, k.db)
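Review bot: The new `http.Error(w, ..., http.StatusTemporaryRedirect)` writes the status and body at once, so the `w.Header().Set("location", "/newuser")` that follows it runs after the header block has gone out and the client never sees a Location header; the intended redirect becomes a bare 307 with a text body. The same pair is introduced in this file's second hunk and appears in both hunks of api/middleware/newuser.go; replace each pair with `http.Redirect(w, r, "/newuser", http.StatusTemporaryRedirect)`. Separately, the `!ok` branch now treats a missing user id in the context as a brand-new user and redirects rather than failing authorization; if the value can be absent for an unauthenticated request, answering 401 there seems safer than forwarding to `/newuser`.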
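Review bot: `userId := r.Context().Value("user-id").(string)` is a single-value type assertion, so a request whose context lacks the value, or carries it under another type, panics inside the handler instead of being rejected; the same form is introduced in api/users/controllers/user.go as `id := r.Context().Value("user-id").(string)`. Use the two-value form and fail closed: `userId, ok := r.Context().Value("user-id").(string)` followed by `if !ok { http.Error(w, "unauthorized", http.StatusUnauthorized); return }`. Whether `withUser` in authentication.go stores the value under the literal key "user-id" cannot be seen on this page; if it uses a typed key, these lookups never match and the assertion fails on every request.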
@@ -29,7 +29,6 @@ func (k *UserMiddleware) NewUserMiddlewareCheck(next http.Handler) http.Handler
 fmt.Println("User is new, redirecting to new user page")
 http.Error(w, "User is new, redirecting to new user page", http.StatusTemporaryRedirect)
 w.Header().Set("location", "/newuser")
- return
 }
diff --git a/api/users/controllers/user.go b/api/users/controllers/user.go
index b016158..d1fafa4 100644
--- a/api/users/controllers/user.go
+++ b/api/users/controllers/user.go
@@ -160,7 +160,7 @@ func (u *UserController) UpsertUserDB(user models.User) (int, error) {
 // @Success 200 {string} Helloworld
 // @Router /users/ [post]
 func (u *UserController) UpsertUser(w http.ResponseWriter, r *http.Request) {
- id := r.Context().Value("user-id").(int64)
+ id := r.Context().Value("user-id").(string)
 email := r.Context().Value("email").(string)
 newsLetterConsent := r.Context().Value("newsletter-consent").(bool)
 name := r.Context().Value("name").(string)
diff --git a/api/users/models/models.go b/api/users/models/models.go
index ed8ee97..163840a 100644
--- a/api/users/models/models.go
+++ b/api/users/models/models.go
@@ -8,7 +8,7 @@ import (
 )
 type User struct {
- ID int64 `bun:",pk"` // primary key, same as ory.
+ ID string `bun:",pk"` // primary key, same as ory.
 Name string
 Email string
 NewsLetterConsent bool `bun:"newsletterConsent"`
@@ -42,7 +42,7 @@ func (u User) String() string {
 // UpdateUser godoc
 // @Summary Get user info for user id
-func GetUserForId(id int64, userDb *bun.DB) (*User, error) {
+func GetUserForId(id string, userDb *bun.DB) (*User, error) {
 var user User
 err := userDb.NewSelect().
 Model(&user).
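Review bot: Dropping the `return` after the redirect lets execution fall through once the "user is new" response has been written, so whatever follows the closing brace — presumably the hand-off to the next handler, which lies outside the hunk — runs for a user that was just told to go to `/newuser`, and net/http will log a superfluous WriteHeader on the second write. Keep the `return` so the redirect branch stays terminal. The enclosing closure continues outside the hunk.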
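Review bot: Changing `ID` from `int64` to `string` on the `bun:",pk"` field changes the primary-key column type, and nothing on the page shows a matching schema migration or a corresponding change to the `owner_id` column that `GetOrgByOwnerId` compares against the same value; if the database still holds a bigint column, the models.go queries may fail at runtime. Since the value now stored is the token's `sub` claim, a doc comment on the field would help the next reader: `// ID is the identity provider's subject (sub) claim, stored verbatim as the primary key.`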
@@ -56,11 +56,11 @@ func GetUserForId(id int64, userDb *bun.DB) (*User, error) {
 return &user, nil
 }
-func GetOrgByOwnerId(user_id int64, userDb *bun.DB) (*Org, error) {
+func GetOrgByOwnerId(userId string, userDb *bun.DB) (*Org, error) {
 var org Org
 err := userDb.NewSelect().
 Model(&org).
- Where("owner_id = ?", user_id).
+ Where("owner_id = ?", userId).
 Scan(context.Background(), &org)
 if err != nil {