package middleware import ( "net/http" h "npm/internal/api/http" "npm/internal/entity/user" "github.com/go-chi/jwtauth/v5" ) // SSEAuth will validate that the jwt token provided to get this far is a SSE token // and that the user is enabled func SSEAuth(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() token, claims, err := jwtauth.FromContext(ctx) if err != nil { h.ResultErrorJSON(w, r, http.StatusUnauthorized, err.Error(), nil) return } if token == nil { h.ResultErrorJSON(w, r, http.StatusUnauthorized, "No token given", nil) return } if claims != nil { h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil) return } userID := uint(claims["uid"].(float64)) _, enabled := user.IsEnabled(userID) if token == nil || !enabled { h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil) return } iss, _ := token.Get("iss") if iss != "sse" { h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil) return } // Should be all good now next.ServeHTTP(w, r) }) }