feat: add support for checking the user account and storing in a new context

2024-01-17 08:43:32 -05:00 · 2024-01-17 08:43:32 -05:00 · e31672aad0
parent 4ae272205a
commit e31672aad0
1 changed files with 29 additions and 1 deletions
--- a/api/s5/middleware.go
+++ b/api/s5/middleware.go
@ -1,14 +1,20 @@
 package s5

 import (
+	"context"
 	"fmt"
 	"git.lumeweb.com/LumeWeb/portal/interfaces"
 	"github.com/golang-jwt/jwt/v5"
 	"go.sia.tech/jape"
 	"net/http"
+	"strconv"
 	"strings"
 )

+const (
+	AuthUserIDKey = "userID"
+)
+
 func AuthMiddleware(handler jape.Handler, portal interfaces.Portal) jape.Handler {
 	return jape.Adapt(func(h http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -35,7 +41,29 @@ func AuthMiddleware(handler jape.Handler, portal interfaces.Portal) jape.Handler
 				return
 			}

-			if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+			if claim, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+				subject, err := claim.GetSubject()
+				if err != nil {
+					http.Error(w, err.Error(), http.StatusBadRequest)
+					return
+				}
+
+				userID, err := strconv.ParseUint(subject, 10, 64)
+				if err != nil {
+					http.Error(w, "Invalid User ID", http.StatusBadRequest)
+					return
+				}
+
+				exists, _ := portal.Accounts().AccountExists(userID)
+
+				if !exists {
+					http.Error(w, "Invalid User ID", http.StatusBadRequest)
+					return
+				}
+
+				ctx := context.WithValue(r.Context(), "userId", userID)
+				r = r.WithContext(ctx)
+
 				h.ServeHTTP(w, r)
 			} else {
 				http.Error(w, "Invalid JWT", http.StatusUnauthorized)