Merge pull request #9 from hammercode-dev/be-06/middleware-level-user

[BE-06] - Middleware Level User

Author: AfandyW

app/middlewares/auth_middleware.go

@@ -8,51 +8,62 @@ import (
 	"github.com/hammer-code/lms-be/utils"
 )
 
-func (m *Middleware) AuthMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
-		token := utils.ExtractBearerToken(request)
-		if len(*token) < 5 {
-			utils.Response(domain.HttpResponse{
-				Code:    401,
-				Message: "Forbidden",
-				Data:    nil,
-			}, writer)
-			return
-		}
-
-		verifyToken, err := m.Jwt.VerifyToken(*token)
-		if err != nil {
-			utils.Response(domain.HttpResponse{
-				Code:    500,
-				Message: err.Error(),
-				Data:    nil,
-			}, writer)
-			return
-		}
-
-		// tokenLogoutErr := m.UserRepo.ExpiredToken(request.Context(), *token)
-		// if tokenLogoutErr == nil {
-		// 	utils.Response(domain.HttpResponse{
-		// 		Code:    401,
-		// 		Message: "Token expired",
-		// 		Data:    nil,
-		// 	}, writer)
-		// 	return
-		// }
-
-		user, err := m.UserRepo.FindByEmail(request.Context(), verifyToken.Email)
-		if err != nil {
-			utils.Response(domain.HttpResponse{
-				Code:    401,
-				Message: "Forbidden",
-				Data:    nil,
-			}, writer)
-			return
-		}
-
-		writer.Header().Set("x-user-id", strconv.Itoa(user.ID))
-		writer.Header().Set("x-username", user.Username)
-
-		next.ServeHTTP(writer, request)
-	})
+func (m *Middleware) AuthMiddleware(allowedRole string) domain.MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+			token := utils.ExtractBearerToken(request)
+			if len(*token) < 5 {
+				utils.Response(domain.HttpResponse{
+					Code:    401,
+					Message: "Unauthorized",
+					Data:    nil,
+				}, writer)
+				return
+			}
+	
+			verifyToken, err := m.Jwt.VerifyToken(*token)
+			if err != nil {
+				utils.Response(domain.HttpResponse{
+					Code:    500,
+					Message: "failed to verify token",
+					Data:    nil,
+				}, writer)
+				return
+			}
+	
+			// tokenLogoutErr := m.UserRepo.ExpiredToken(request.Context(), *token)
+			// if tokenLogoutErr == nil {
+			// 	utils.Response(domain.HttpResponse{
+			// 		Code:    401,
+			// 		Message: "Token expired",
+			// 		Data:    nil,
+			// 	}, writer)
+			// 	return
+			// }
+	
+			user, err := m.UserRepo.FindByEmail(request.Context(), verifyToken.Email)
+			if err != nil {
+				utils.Response(domain.HttpResponse{
+					Code:    401,
+					Message: "Unauthorized",
+					Data:    nil,
+				}, writer)
+				return
+			}
+	
+			if user.Role != allowedRole {
+				utils.Response(domain.HttpResponse{
+					Code:    401,
+					Message: "Unauthorized",
+					Data:    nil,
+				}, writer)
+				return
+			}
+	
+			writer.Header().Set("x-user-id", strconv.Itoa(user.ID))
+			writer.Header().Set("x-username", user.Username)
+	
+			next.ServeHTTP(writer, request)
+		})
+	}
 }

cmd/serve_http.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/hammer-code/lms-be/app"
 	"github.com/hammer-code/lms-be/config"
+	"github.com/hammer-code/lms-be/constants"
 	_ "github.com/hammer-code/lms-be/docs"
 	"github.com/hammer-code/lms-be/domain"
 	"github.com/hammer-code/lms-be/utils"
@@ -136,10 +137,10 @@ func registerHandler(app app.App) *mux.Router {
 	public.HandleFunc("/events/pay", app.EventHandler.PayEvent).Methods(http.MethodPost)
 
 	protectedV1Route := v1.NewRoute().Subrouter()
-	protectedV1Route.Use(app.Middleware.AuthMiddleware)
+	protectedV1Route.Use(app.Middleware.AuthMiddleware(constants.RoleUser))
 
 	protectedV1AdminRoute := v1.PathPrefix("/admin").Subrouter()
-	protectedV1AdminRoute.Use(app.Middleware.AuthMiddleware)
+	protectedV1AdminRoute.Use(app.Middleware.AuthMiddleware(constants.RoleAdmin))
 
 	protectedV1Route.HandleFunc("/users", app.UserHandler.GetUsers).Methods(http.MethodGet)
 	protectedV1Route.HandleFunc("/user", app.UserHandler.GetUserProfile).Methods(http.MethodGet)

domain/middleware.go

@@ -3,6 +3,8 @@ package domain
 import "net/http"
 
 type Middleware interface {
-	AuthMiddleware(next http.Handler) http.Handler
+	AuthMiddleware(allowedRole string) MiddlewareFunc
 	LogMiddleware(next http.Handler) http.Handler
 }
+
+type MiddlewareFunc = func (http.Handler) http.Handler