rtrox · rtrox · Jan 3, 2024 · Jan 3, 2024
@@ -2,30 +2,25 @@ package auth
 
 import (
 	"context"
+	"lybbrio/internal/ent/schema/ksuid"
+	"lybbrio/internal/ent/schema/permissions"
+	"lybbrio/internal/viewer"
 	"net/http"
 
 	"github.com/go-chi/render"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 )
 
-type claimCtxKeyType string
-
-const claimCtxKey claimCtxKeyType = "claims"
-
-func withClaims(ctx context.Context, claims *Claims) context.Context {
-	return context.WithValue(ctx, claimCtxKey, claims)
-}
-
-func ClaimsFromCtx(ctx context.Context) *Claims {
-	claims, ok := ctx.Value(claimCtxKey).(*Claims)
-	if !ok {
-		return nil
+func viewerCtxFromClaims(ctx context.Context, claims *Claims) context.Context {
+	perms := permissions.NewPermissions()
+	for _, perm := range claims.Permissions {
+		perms.Add(permissions.FromString(perm))
 	}
-	return claims
+	return viewer.NewContext(ctx, ksuid.ID(claims.UserID), perms)
 }
 
-func Middleware(prov *JWTProvider) func(http.Handler) http.Handler {
+func ViewerContextMiddleware(prov *JWTProvider) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
@@ -53,7 +48,7 @@ func Middleware(prov *JWTProvider) func(http.Handler) http.Handler {
 				return
 			}
 
-			ctx = withClaims(ctx, claims)
+			ctx = viewerCtxFromClaims(ctx, claims)
 			log.UpdateContext(func(c zerolog.Context) zerolog.Context {
 				return c.Str("user_id", claims.UserID)
 			})

@@ -1,6 +1,8 @@
 package auth
 
 import (
+	"lybbrio/internal/ent/schema/permissions"
+	"lybbrio/internal/viewer"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -19,16 +21,19 @@ func Test_Middleware(t *testing.T) {
 	)
 	require.NoError(err)
 
-	handler := Middleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		claims := ClaimsFromCtx(r.Context())
-		require.Equal("some_user_id", claims.UserID)
-		require.Equal("some_user_name", claims.UserName)
+	handler := ViewerContextMiddleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		view := viewer.FromContext(r.Context())
+		uid, ok := view.UserID()
+		require.True(ok)
+		require.Equal("some_user_id", uid.String())
+		require.True(view.Has(permissions.Admin))
+
 	}))
 
 	token, err := provider.CreateToken(
 		"some_user_id",
 		"some_user_name",
-		[]string{"some_permission"},
+		[]string{"Admin"},
 	)
 	require.NoError(err)
 
@@ -59,11 +64,11 @@ func Test_Middleware_BadToken(t *testing.T) {
 	token, err := wrong_provider.CreateToken(
 		"some_user_id",
 		"some_user_name",
-		[]string{"some_permission"},
+		[]string{"Admin"},
 	)
 	require.NoError(err)
 
-	handler := Middleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := ViewerContextMiddleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
@@ -96,7 +101,7 @@ func Test_Middleware_EmptyToken(t *testing.T) {
 	)
 	require.NoError(err)
 
-	handler := Middleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := ViewerContextMiddleware(provider)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 

@@ -220,8 +220,7 @@ func rootRun(cmd *cobra.Command, args []string) {
 	r.Mount("/auth", auth.Routes(client, jwtProvider))
 	r.Route("/graphql", func(r chi.Router) {
 		r.With(
-			auth.Middleware(jwtProvider),
-			middleware.ViewerContextMiddleware(client),
+			auth.ViewerContextMiddleware(jwtProvider),
 			middleware.SuperRead,
 		).Handle("/", graphqlHandler)
 		r.Handle("/playground", playground.Handler("Lybbrio GraphQL playground", "/graphql"))

@@ -7,7 +7,7 @@ import (
 type Permission int
 
 const (
-	Admin = iota + 1
+	Admin Permission = iota + 1
 	CanCreatePublic
 	CanEdit
 
@@ -28,6 +28,19 @@ func (p Permission) String() string {
 	return ""
 }
 
+func FromString(s string) Permission {
+	switch s {
+	case Admin.String():
+		return Admin
+	case CanCreatePublic.String():
+		return CanCreatePublic
+	case CanEdit.String():
+		return CanEdit
+	default:
+		return 0
+	}
+}
+
 type Permissions map[Permission]struct{}
 
 func NewPermissions(permissions ...Permission) Permissions {
@@ -43,6 +56,10 @@ func (p Permissions) Has(perm Permission) bool {
 	return ok
 }
 
+func (p Permissions) Add(perm Permission) {
+	p[perm] = struct{}{}
+}
+
 func (p Permissions) StringSlice() []string {
 	ret := make([]string, 0, len(p))
 	for k := range p {

@@ -5,7 +5,6 @@ import (
 	"lybbrio/internal/auth"
 	"lybbrio/internal/db"
 	"lybbrio/internal/ent/schema/permissions"
-	"lybbrio/internal/middleware"
 	"lybbrio/internal/viewer"
 	"net/http"
 	"net/http/httptest"
@@ -47,8 +46,7 @@ func Test_ViewerContextGetsSet(t *testing.T) {
 	require.NoError(err)
 
 	r := chi.NewRouter()
-	r.Use(auth.Middleware(jwtProvider))
-	r.Use(middleware.ViewerContextMiddleware(client))
+	r.Use(auth.ViewerContextMiddleware(jwtProvider))
 
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		viewerCtx := viewer.FromContext(r.Context())