Yadciel/taskcafe
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: use correct context keys when retrieving userID & role

Browse Source
This commit is contained in:
Jordan Knott 2020-08-21 23:08:30 -05:00
parent 3c4370e68a
commit 314bf224ea
4 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
internal/graph/graph.go
View File

@ -17,6 +17,7 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
"github.com/jordanknott/taskcafe/internal/auth" "github.com/jordanknott/taskcafe/internal/auth"
"github.com/jordanknott/taskcafe/internal/db" "github.com/jordanknott/taskcafe/internal/db"
"github.com/jordanknott/taskcafe/internal/utils"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
@ -108,13 +109,13 @@ func NewPlaygroundHandler(endpoint string) http.Handler {
// GetUserID retrieves the UserID out of a context // GetUserID retrieves the UserID out of a context
func GetUserID(ctx context.Context) (uuid.UUID, bool) { func GetUserID(ctx context.Context) (uuid.UUID, bool) {
userID, ok := ctx.Value("userID").(uuid.UUID) userID, ok := ctx.Value(utils.UserIDKey).(uuid.UUID)
return userID, ok return userID, ok
} }
// GetUserRole retrieves the user role out of a context // GetUserRole retrieves the user role out of a context
func GetUserRole(ctx context.Context) (auth.Role, bool) { func GetUserRole(ctx context.Context) (auth.Role, bool) {
role, ok := ctx.Value("org_role").(auth.Role) role, ok := ctx.Value(utils.OrgRoleKey).(auth.Role)
return role, ok return role, ok
} }
@ -127,7 +128,7 @@ func GetUser(ctx context.Context) (uuid.UUID, auth.Role, bool) {
// GetRestrictedMode retrieves the restricted mode code out of a context // GetRestrictedMode retrieves the restricted mode code out of a context
func GetRestrictedMode(ctx context.Context) (auth.RestrictedMode, bool) { func GetRestrictedMode(ctx context.Context) (auth.RestrictedMode, bool) {
restricted, ok := ctx.Value("restricted_mode").(auth.RestrictedMode) restricted, ok := ctx.Value(utils.RestrictedModeKey).(auth.RestrictedMode)
return restricted, ok return restricted, ok
} }

6
internal/graph/schema.resolvers.go
View File

@ -892,7 +892,7 @@ func (r *queryResolver) Projects(ctx context.Context, input *ProjectsFilter) ([]
visibleProjects, err := r.Repository.GetAllVisibleProjectsForUserID(ctx, userID) visibleProjects, err := r.Repository.GetAllVisibleProjectsForUserID(ctx, userID)
if err != nil { if err != nil {
log.Info("user id was not found from middleware") log.WithField("userID", userID).Info("error getting visible projects for user")
return []db.Project{}, nil return []db.Project{}, nil
} }
for _, project := range visibleProjects { for _, project := range visibleProjects {
@ -942,7 +942,7 @@ func (r *queryResolver) Teams(ctx context.Context) ([]db.Team, error) {
visibleProjects, err := r.Repository.GetAllVisibleProjectsForUserID(ctx, userID) visibleProjects, err := r.Repository.GetAllVisibleProjectsForUserID(ctx, userID)
if err != nil { if err != nil {
log.Info("user id was not found from middleware") log.WithField("userID", userID).Info("error while getting visible projects")
return []db.Team{}, err return []db.Team{}, err
} }
for _, project := range visibleProjects { for _, project := range visibleProjects {
@ -951,7 +951,7 @@ func (r *queryResolver) Teams(ctx context.Context) ([]db.Team, error) {
log.WithFields(log.Fields{"projectID": project.ProjectID.String()}).Info("adding visible project") log.WithFields(log.Fields{"projectID": project.ProjectID.String()}).Info("adding visible project")
team, err := r.Repository.GetTeamByID(ctx, project.TeamID) team, err := r.Repository.GetTeamByID(ctx, project.TeamID)
if err != nil { if err != nil {
log.Info("user id was not found from middleware") log.WithField("teamID", project.TeamID).Info("error getting team by id")
return []db.Team{}, err return []db.Team{}, err
} }
teams[project.TeamID.String()] = team teams[project.TeamID.String()] = team

19
internal/route/middleware.go
View File

@ -7,21 +7,10 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
"github.com/jordanknott/taskcafe/internal/auth" "github.com/jordanknott/taskcafe/internal/auth"
"github.com/jordanknott/taskcafe/internal/utils"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
// ContextKey represents a context key
type ContextKey string
const (
// UserIDKey is the key for the user id of the authenticated user
UserIDKey ContextKey = "userID"
//RestrictedModeKey is the key for whether the authenticated user only has access to install route
RestrictedModeKey ContextKey = "restricted_mode"
// OrgRoleKey is the key for the organization role code of the authenticated user
OrgRoleKey ContextKey = "org_role"
)
// AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header // AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header
func AuthenticationMiddleware(next http.Handler) http.Handler { func AuthenticationMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -64,9 +53,9 @@ func AuthenticationMiddleware(next http.Handler) http.Handler {
return return
} }
} }
ctx := context.WithValue(r.Context(), UserIDKey, userID) ctx := context.WithValue(r.Context(), utils.UserIDKey, userID)
ctx = context.WithValue(ctx, RestrictedModeKey, accessClaims.Restricted) ctx = context.WithValue(ctx, utils.RestrictedModeKey, accessClaims.Restricted)
ctx = context.WithValue(ctx, OrgRoleKey, accessClaims.OrgRole) ctx = context.WithValue(ctx, utils.OrgRoleKey, accessClaims.OrgRole)
next.ServeHTTP(w, r.WithContext(ctx)) next.ServeHTTP(w, r.WithContext(ctx))
}) })

13
internal/utils/context.go Normal file
View File

@ -0,0 +1,13 @@
package utils
// ContextKey represents a context key
type ContextKey string
const (
// UserIDKey is the key for the user id of the authenticated user
UserIDKey ContextKey = "userID"
//RestrictedModeKey is the key for whether the authenticated user only has access to install route
RestrictedModeKey ContextKey = "restricted_mode"
// OrgRoleKey is the key for the organization role code of the authenticated user
OrgRoleKey ContextKey = "org_role"
)