path: root/internal/auth/middleware.go
authorMax Resnick <max@ofmax.li>2020-11-08 11:45:16 -0800
committerMax Resnick <max@ofmax.li>2021-01-01 10:50:14 -0800
commita397341ad471cc761f7fb930d77e53cf7eb40a2a (patch)
tree76fb8318269569687fdd30467dc61ecba3499d09 /internal/auth/middleware.go
parent689a57ec4a444f8233fe2e5ec7ceb0903218218d (diff)
downloadiserv-a397341ad471cc761f7fb930d77e53cf7eb40a2a.tar.gz
adds casbin and accounts
Diffstat (limited to '')
-rw-r--r--internal/auth/middleware.go45
1 files changed, 45 insertions, 0 deletions
diff --git a/internal/auth/middleware.go b/internal/auth/middleware.go
new file mode 100644
index 0000000..0be033c
--- /dev/null
+++ b/internal/auth/middleware.go
@@ -0,0 +1,45 @@
+package auth
+
+import (
+ "net/http"
+
+ "github.com/alexedwards/scs/v2"
+ "github.com/apex/log"
+)
+
+const (
+ loginURL = "/login"
+)
+
+func AuthOnly(s Servicer, ses *scs.SessionManager) func(next http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ fn := func(w http.ResponseWriter, r *http.Request) {
+ userID := ses.GetString(r.Context(), "profid")
+ if userID == "" {
+ userID = "anon"
+ }
+ resource := r.URL.Path
+ // set the action to something that will never match
+ action := "forbidden"
+ switch r.Method {
+ case "POST", "PUT", "PATCH":
+ action = "write"
+ case "HEAD", "GET":
+ action = "read"
+ }
+ // TODO determine action
+ enforced, err := s.Enf().EnforceSafe(userID, resource, action)
+ if err != nil {
+ log.Errorf("%s", err)
+ return
+ }
+ if !enforced {
+ // TODO probably need to do something about suggesting to login
+ http.Error(w, "not found, are you signed in?", http.StatusNotFound)
+ return
+ }
+ next.ServeHTTP(w, r)
+ }
+ return http.HandlerFunc(fn)
+ }
+}
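Review bot: The error branch after `s.Enf().EnforceSafe(...)` logs and returns without writing anything to `w`, so a failed policy evaluation leaves the client with an implicit 200 and an empty body instead of a denial; add `http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)` before that `return` so the middleware fails closed with a status the caller and any monitoring can see. The resource handed to the enforcer is `r.URL.Path` exactly as received; if this middleware runs outside a mux that canonicalises paths, a non-normalised path may not match the same policy rule as its cleaned form, so running `path.Clean` on it before enforcing is worth confirming against how the policies are written. The "forbidden" default for other methods is deliberate per the comment, but a one-line note such as `// DELETE and other methods fall through to "forbidden" and are denied by design` would make that intent explicit for the next reader.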