| author | mo khan <mo@mokhan.ca> | 2022-05-16 12:04:48 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2022-05-16 12:04:48 -0600 |
| commit | be838530167493599a4681a412d12416122e2e12 (patch) | |
| tree | ee75002884529af22ed99745ced775565e26be45 | |
| parent | 184ab060081467edfe63d021d9cd11734c09456e (diff) | |
check the permissions in the token
| -rw-r--r-- | cmd/api/main.go | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/cmd/api/main.go b/cmd/api/main.go
index d20731e..b300da3 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -18,7 +18,8 @@ import (
 )
 
 type CustomClaims struct {
-	Scope string `json:"scope"`
+	Scope string `json:"scope"`
+	Permissions []string `json:"permissions"`
 }
 
 func (c CustomClaims) Validate(ctx context.Context) error {
@@ -35,6 +36,15 @@ func (c CustomClaims) HasScope(expectedScope string) bool {
 	return false
 }
 
+func (c CustomClaims) HasPermission(permission string) bool {
+	for _, value := range c.Permissions {
+		if value == permission {
+			return true
+		}
+	}
+	return false
+}
+
 // type TokenExtractor func(r *http.Request) (string, error)
 func Extractor(r *http.Request) (string, error) {
 	authHeader := r.Header.Get("Authorization")
@@ -148,7 +158,7 @@ func main() {
 		token := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
 		claims := token.CustomClaims.(*CustomClaims)
 
-		if !claims.HasScope("read:messages") {
+		if !claims.HasPermission("read:incidents") {
 			w.WriteHeader(http.StatusForbidden)
 			w.Write([]byte(`{"message":"insufficient scope."}`))
 			return
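Review bot: HasPermission is an exported method added without a doc comment; put `// HasPermission reports whether permission appears verbatim in the token's "permissions" claim.` above it. The comparison is an exact, case-sensitive string match, which is the right choice for an authorization check, and the comment should say so because the handler in the last hunk now relies on the issuer emitting exactly `read:incidents`. Validate's body lies outside this hunk; if it currently constrains only Scope, consider whether the new Permissions field needs a matching check there, since that is where claim-level validation appears to live.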
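Review bot: The 403 response body on the line after the changed condition still says `insufficient scope.` even though the check is now on the permissions claim, so a caller denied for lacking `read:incidents` is told to fix the wrong claim; change the message text in the raw-string literal to `insufficient permissions.` and keep the rest of the line as is. The return value of `w.Write` is also discarded on that line, which predates this commit but is worth making explicit with `_, _ = w.Write(...)` and a short comment, or by logging the error. The enclosing handler in main starts and ends outside the hunk.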
