Tenant-Feature Phase 3: Auth-Middleware verdrahtet
- TenantSlug in User-Struct + GetSessionUser per JOIN befüllt - middleware.go: RequireAuth, RequireAdmin, RequireTenantAccess - router.go: alle Routen mit passendem Middleware-Stack gesichert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jesko Anschütz
parent
7e7a692521
commit
0b21be6469
3 changed files with 179 additions and 43 deletions
102
server/backend/internal/httpapi/middleware.go
Normal file
102
server/backend/internal/httpapi/middleware.go
Normal file
|
|
@ -0,0 +1,102 @@
|
|||
package httpapi
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"git.az-it.net/az/morz-infoboard/server/backend/internal/store"
|
||||
)
|
||||
|
||||
// contextKey is an unexported type for context keys in this package.
|
||||
// Using a named type prevents collisions with keys from other packages.
|
||||
type contextKey int
|
||||
|
||||
const (
|
||||
contextKeyUser contextKey = iota
|
||||
)
|
||||
|
||||
// UserFromContext returns the authenticated *store.User stored in ctx,
|
||||
// or nil if none is present.
|
||||
func UserFromContext(ctx context.Context) *store.User {
|
||||
u, _ := ctx.Value(contextKeyUser).(*store.User)
|
||||
return u
|
||||
}
|
||||
|
||||
// RequireAuth returns middleware that validates the morz_session cookie.
|
||||
// On success it stores the *store.User in the request context and calls next.
|
||||
// On failure it redirects to /login?next=<current-path>.
|
||||
func RequireAuth(authStore *store.AuthStore) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
cookie, err := r.Cookie("morz_session")
|
||||
if err != nil {
|
||||
redirectToLogin(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
user, err := authStore.GetSessionUser(r.Context(), cookie.Value)
|
||||
if err != nil {
|
||||
redirectToLogin(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
ctx := context.WithValue(r.Context(), contextKeyUser, user)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// RequireAdmin is middleware that allows only users with role "admin".
|
||||
// It must be chained after RequireAuth (so a user is present in context).
|
||||
// On failure it responds with 403 Forbidden.
|
||||
func RequireAdmin(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
user := UserFromContext(r.Context())
|
||||
if user == nil || user.Role != "admin" {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
// RequireTenantAccess is middleware that allows access only when the
|
||||
// authenticated user belongs to the tenant identified by the {tenantSlug}
|
||||
// path value, or when the user has role "admin" (admins can access everything).
|
||||
// It must be chained after RequireAuth.
|
||||
func RequireTenantAccess(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
user := UserFromContext(r.Context())
|
||||
if user == nil {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
// Admins bypass tenant isolation.
|
||||
if user.Role == "admin" {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
tenantSlug := r.PathValue("tenantSlug")
|
||||
if tenantSlug != "" && user.TenantSlug != tenantSlug {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
// chain applies a list of middleware to a handler, wrapping outermost first.
|
||||
// chain(m1, m2, m3)(h) == m1(m2(m3(h)))
|
||||
func chain(h http.Handler, middlewares ...func(http.Handler) http.Handler) http.Handler {
|
||||
for i := len(middlewares) - 1; i >= 0; i-- {
|
||||
h = middlewares[i](h)
|
||||
}
|
||||
return h
|
||||
}
|
||||
|
||||
// redirectToLogin issues a 303 redirect to /login with the current path as ?next=.
|
||||
func redirectToLogin(w http.ResponseWriter, r *http.Request) {
|
||||
target := "/login?next=" + url.QueryEscape(r.URL.RequestURI())
|
||||
http.Redirect(w, r, target, http.StatusSeeOther)
|
||||
}
|
||||
|
|
@ -96,58 +96,74 @@ func registerManageRoutes(mux *http.ServeMux, d RouterDeps) {
|
|||
mux.HandleFunc("POST /login", manage.HandleLoginPost(d.AuthStore, d.Config))
|
||||
mux.HandleFunc("POST /logout", manage.HandleLogoutPost(d.AuthStore))
|
||||
|
||||
// Shorthand middleware combinators for this router.
|
||||
authOnly := func(h http.Handler) http.Handler {
|
||||
return chain(h, RequireAuth(d.AuthStore))
|
||||
}
|
||||
authAdmin := func(h http.Handler) http.Handler {
|
||||
return chain(h, RequireAuth(d.AuthStore), RequireAdmin)
|
||||
}
|
||||
authTenant := func(h http.Handler) http.Handler {
|
||||
return chain(h, RequireAuth(d.AuthStore), RequireTenantAccess)
|
||||
}
|
||||
|
||||
// ── Admin UI ──────────────────────────────────────────────────────────
|
||||
mux.HandleFunc("GET /admin", manage.HandleAdminUI(d.TenantStore, d.ScreenStore))
|
||||
mux.HandleFunc("POST /admin/screens/provision", manage.HandleProvisionUI(d.TenantStore, d.ScreenStore))
|
||||
mux.HandleFunc("POST /admin/screens", manage.HandleCreateScreenUI(d.TenantStore, d.ScreenStore))
|
||||
mux.HandleFunc("POST /admin/screens/{screenId}/delete", manage.HandleDeleteScreenUI(d.ScreenStore))
|
||||
mux.Handle("GET /admin",
|
||||
authAdmin(http.HandlerFunc(manage.HandleAdminUI(d.TenantStore, d.ScreenStore))))
|
||||
mux.Handle("POST /admin/screens/provision",
|
||||
authAdmin(http.HandlerFunc(manage.HandleProvisionUI(d.TenantStore, d.ScreenStore))))
|
||||
mux.Handle("POST /admin/screens",
|
||||
authAdmin(http.HandlerFunc(manage.HandleCreateScreenUI(d.TenantStore, d.ScreenStore))))
|
||||
mux.Handle("POST /admin/screens/{screenId}/delete",
|
||||
authAdmin(http.HandlerFunc(manage.HandleDeleteScreenUI(d.ScreenStore))))
|
||||
|
||||
// ── Playlist management UI ────────────────────────────────────────────
|
||||
mux.HandleFunc("GET /manage/{screenSlug}",
|
||||
manage.HandleManageUI(d.TenantStore, d.ScreenStore, d.MediaStore, d.PlaylistStore))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/upload",
|
||||
manage.HandleUploadMediaUI(d.MediaStore, d.ScreenStore, uploadDir))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/items",
|
||||
manage.HandleAddItemUI(d.PlaylistStore, d.MediaStore, d.ScreenStore, notifier))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/items/{itemId}",
|
||||
manage.HandleUpdateItemUI(d.PlaylistStore, notifier))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/items/{itemId}/delete",
|
||||
manage.HandleDeleteItemUI(d.PlaylistStore, notifier))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/reorder",
|
||||
manage.HandleReorderUI(d.PlaylistStore, d.ScreenStore, notifier))
|
||||
mux.HandleFunc("POST /manage/{screenSlug}/media/{mediaId}/delete",
|
||||
manage.HandleDeleteMediaUI(d.MediaStore, d.ScreenStore, uploadDir, notifier))
|
||||
mux.Handle("GET /manage/{screenSlug}",
|
||||
authOnly(http.HandlerFunc(manage.HandleManageUI(d.TenantStore, d.ScreenStore, d.MediaStore, d.PlaylistStore))))
|
||||
mux.Handle("POST /manage/{screenSlug}/upload",
|
||||
authOnly(http.HandlerFunc(manage.HandleUploadMediaUI(d.MediaStore, d.ScreenStore, uploadDir))))
|
||||
mux.Handle("POST /manage/{screenSlug}/items",
|
||||
authOnly(http.HandlerFunc(manage.HandleAddItemUI(d.PlaylistStore, d.MediaStore, d.ScreenStore, notifier))))
|
||||
mux.Handle("POST /manage/{screenSlug}/items/{itemId}",
|
||||
authOnly(http.HandlerFunc(manage.HandleUpdateItemUI(d.PlaylistStore, notifier))))
|
||||
mux.Handle("POST /manage/{screenSlug}/items/{itemId}/delete",
|
||||
authOnly(http.HandlerFunc(manage.HandleDeleteItemUI(d.PlaylistStore, notifier))))
|
||||
mux.Handle("POST /manage/{screenSlug}/reorder",
|
||||
authOnly(http.HandlerFunc(manage.HandleReorderUI(d.PlaylistStore, d.ScreenStore, notifier))))
|
||||
mux.Handle("POST /manage/{screenSlug}/media/{mediaId}/delete",
|
||||
authOnly(http.HandlerFunc(manage.HandleDeleteMediaUI(d.MediaStore, d.ScreenStore, uploadDir, notifier))))
|
||||
|
||||
// ── JSON API — screens ────────────────────────────────────────────────
|
||||
// Self-registration: called by agent on startup (must be before /{tenantSlug}/ routes)
|
||||
// Self-registration: no auth (player calls this on startup).
|
||||
mux.HandleFunc("POST /api/v1/screens/register",
|
||||
manage.HandleRegisterScreen(d.TenantStore, d.ScreenStore))
|
||||
mux.HandleFunc("GET /api/v1/tenants/{tenantSlug}/screens",
|
||||
manage.HandleListScreens(d.TenantStore, d.ScreenStore))
|
||||
mux.HandleFunc("POST /api/v1/tenants/{tenantSlug}/screens",
|
||||
manage.HandleCreateScreen(d.TenantStore, d.ScreenStore))
|
||||
mux.Handle("GET /api/v1/tenants/{tenantSlug}/screens",
|
||||
authTenant(http.HandlerFunc(manage.HandleListScreens(d.TenantStore, d.ScreenStore))))
|
||||
mux.Handle("POST /api/v1/tenants/{tenantSlug}/screens",
|
||||
authTenant(http.HandlerFunc(manage.HandleCreateScreen(d.TenantStore, d.ScreenStore))))
|
||||
|
||||
// ── JSON API — media ──────────────────────────────────────────────────
|
||||
mux.HandleFunc("GET /api/v1/tenants/{tenantSlug}/media",
|
||||
manage.HandleListMedia(d.TenantStore, d.MediaStore))
|
||||
mux.HandleFunc("POST /api/v1/tenants/{tenantSlug}/media",
|
||||
manage.HandleUploadMedia(d.TenantStore, d.MediaStore, uploadDir))
|
||||
mux.HandleFunc("DELETE /api/v1/media/{id}",
|
||||
manage.HandleDeleteMedia(d.MediaStore, uploadDir))
|
||||
mux.Handle("GET /api/v1/tenants/{tenantSlug}/media",
|
||||
authTenant(http.HandlerFunc(manage.HandleListMedia(d.TenantStore, d.MediaStore))))
|
||||
mux.Handle("POST /api/v1/tenants/{tenantSlug}/media",
|
||||
authTenant(http.HandlerFunc(manage.HandleUploadMedia(d.TenantStore, d.MediaStore, uploadDir))))
|
||||
mux.Handle("DELETE /api/v1/media/{id}",
|
||||
authOnly(http.HandlerFunc(manage.HandleDeleteMedia(d.MediaStore, uploadDir))))
|
||||
|
||||
// ── JSON API — playlists ──────────────────────────────────────────────
|
||||
// Player fetches its playlist — no auth required.
|
||||
mux.HandleFunc("GET /api/v1/screens/{screenId}/playlist",
|
||||
manage.HandlePlayerPlaylist(d.ScreenStore, d.PlaylistStore))
|
||||
mux.HandleFunc("GET /api/v1/playlists/{screenId}",
|
||||
manage.HandleGetPlaylist(d.ScreenStore, d.PlaylistStore))
|
||||
mux.HandleFunc("POST /api/v1/playlists/{playlistId}/items",
|
||||
manage.HandleAddItem(d.PlaylistStore, d.MediaStore, notifier))
|
||||
mux.HandleFunc("PATCH /api/v1/items/{itemId}",
|
||||
manage.HandleUpdateItem(d.PlaylistStore, notifier))
|
||||
mux.HandleFunc("DELETE /api/v1/items/{itemId}",
|
||||
manage.HandleDeleteItem(d.PlaylistStore, notifier))
|
||||
mux.HandleFunc("PUT /api/v1/playlists/{playlistId}/order",
|
||||
manage.HandleReorder(d.PlaylistStore, notifier))
|
||||
mux.HandleFunc("PATCH /api/v1/playlists/{playlistId}/duration",
|
||||
manage.HandleUpdatePlaylistDuration(d.PlaylistStore))
|
||||
mux.Handle("GET /api/v1/playlists/{screenId}",
|
||||
authOnly(http.HandlerFunc(manage.HandleGetPlaylist(d.ScreenStore, d.PlaylistStore))))
|
||||
mux.Handle("POST /api/v1/playlists/{playlistId}/items",
|
||||
authOnly(http.HandlerFunc(manage.HandleAddItem(d.PlaylistStore, d.MediaStore, notifier))))
|
||||
mux.Handle("PATCH /api/v1/items/{itemId}",
|
||||
authOnly(http.HandlerFunc(manage.HandleUpdateItem(d.PlaylistStore, notifier))))
|
||||
mux.Handle("DELETE /api/v1/items/{itemId}",
|
||||
authOnly(http.HandlerFunc(manage.HandleDeleteItem(d.PlaylistStore, notifier))))
|
||||
mux.Handle("PUT /api/v1/playlists/{playlistId}/order",
|
||||
authOnly(http.HandlerFunc(manage.HandleReorder(d.PlaylistStore, notifier))))
|
||||
mux.Handle("PATCH /api/v1/playlists/{playlistId}/duration",
|
||||
authOnly(http.HandlerFunc(manage.HandleUpdatePlaylistDuration(d.PlaylistStore))))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import (
|
|||
type User struct {
|
||||
ID string `json:"id"`
|
||||
TenantID string `json:"tenant_id"`
|
||||
TenantSlug string `json:"tenant_slug"`
|
||||
Username string `json:"username"`
|
||||
PasswordHash string `json:"-"`
|
||||
Role string `json:"role"`
|
||||
|
|
@ -64,14 +65,16 @@ func (s *AuthStore) CreateSession(ctx context.Context, userID string, ttl time.D
|
|||
|
||||
// GetSessionUser returns the user associated with sessionID if the session is still valid.
|
||||
// Returns pgx.ErrNoRows when the session does not exist or has expired.
|
||||
// TenantSlug is populated via JOIN on tenants.
|
||||
func (s *AuthStore) GetSessionUser(ctx context.Context, sessionID string) (*User, error) {
|
||||
row := s.pool.QueryRow(ctx,
|
||||
`select u.id, u.tenant_id, u.username, u.password_hash, u.role, u.created_at
|
||||
`select u.id, u.tenant_id, coalesce(t.slug, ''), u.username, u.password_hash, u.role, u.created_at
|
||||
from sessions se
|
||||
join users u on u.id = se.user_id
|
||||
left join tenants t on t.id = u.tenant_id
|
||||
where se.id = $1
|
||||
and se.expires_at > now()`, sessionID)
|
||||
return scanUser(row)
|
||||
return scanUserWithSlug(row)
|
||||
}
|
||||
|
||||
// DeleteSession removes the session with the given ID.
|
||||
|
|
@ -158,6 +161,21 @@ func scanUser(row interface {
|
|||
return &u, nil
|
||||
}
|
||||
|
||||
// scanUserWithSlug scans a row that includes tenant_slug as the third column.
|
||||
func scanUserWithSlug(row interface {
|
||||
Scan(dest ...any) error
|
||||
}) (*User, error) {
|
||||
var u User
|
||||
err := row.Scan(&u.ID, &u.TenantID, &u.TenantSlug, &u.Username, &u.PasswordHash, &u.Role, &u.CreatedAt)
|
||||
if err != nil {
|
||||
if err == pgx.ErrNoRows {
|
||||
return nil, pgx.ErrNoRows
|
||||
}
|
||||
return nil, fmt.Errorf("scan user: %w", err)
|
||||
}
|
||||
return &u, nil
|
||||
}
|
||||
|
||||
func scanSession(row interface {
|
||||
Scan(dest ...any) error
|
||||
}) (*Session, error) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue