intial commit
This commit is contained in:
89
middlewares/roleMiddleware.go
Normal file
89
middlewares/roleMiddleware.go
Normal file
@@ -0,0 +1,89 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"nearle/db"
|
||||
"nearle/models"
|
||||
|
||||
"github.com/gofiber/fiber/v2"
|
||||
)
|
||||
|
||||
type RolePayload struct {
|
||||
Roleid int `json:"roleid"`
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
func RoleCheckMiddleware(allowedRoles ...int) fiber.Handler {
|
||||
return func(c *fiber.Ctx) error {
|
||||
var user models.User
|
||||
|
||||
if err := c.BodyParser(&user); err != nil {
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
|
||||
"status": false,
|
||||
"code": 400,
|
||||
"message": "Invalid request body",
|
||||
})
|
||||
}
|
||||
|
||||
var uid, dbRoleId int
|
||||
var status, dbPassword string
|
||||
var query string
|
||||
|
||||
if user.Authname != "" {
|
||||
query = `SELECT userid, password, status, roleid FROM app_users WHERE authname = ? AND configid = ?`
|
||||
db.DB.Raw(query, user.Authname, user.Configid).Row().Scan(&uid, &dbPassword, &status, &dbRoleId)
|
||||
} else if user.Contactno != "" {
|
||||
query = `SELECT userid, password, status, roleid FROM app_users WHERE contactno = ? AND configid = ?`
|
||||
db.DB.Raw(query, user.Contactno, user.Configid).Row().Scan(&uid, &dbPassword, &status, &dbRoleId)
|
||||
} else {
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
|
||||
"status": false,
|
||||
"code": 400,
|
||||
"message": "authname or contactno required",
|
||||
})
|
||||
}
|
||||
|
||||
// No user found
|
||||
if uid == 0 {
|
||||
return c.Status(fiber.StatusOK).JSON(fiber.Map{
|
||||
"status": false,
|
||||
"code": 409,
|
||||
"message": "Invalid Email",
|
||||
"tenantform": true,
|
||||
})
|
||||
}
|
||||
|
||||
// Inactive user
|
||||
if status == "InActive" {
|
||||
return c.Status(fiber.StatusOK).JSON(fiber.Map{
|
||||
"status": false,
|
||||
"code": 403,
|
||||
"message": "Inactive Account. Contact admin.",
|
||||
})
|
||||
}
|
||||
|
||||
// Check allowed role
|
||||
allowed := false
|
||||
for _, r := range allowedRoles {
|
||||
if dbRoleId == r {
|
||||
allowed = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !allowed {
|
||||
return c.Status(fiber.StatusOK).JSON(fiber.Map{
|
||||
"status": false,
|
||||
"code": 403,
|
||||
"message": "Unauthorized role",
|
||||
})
|
||||
}
|
||||
|
||||
// Store user data in context
|
||||
c.Locals("uid", uid)
|
||||
c.Locals("password", dbPassword)
|
||||
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user