first commit
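--- /dev/null
+++ b/(unknown)
@@ -0,0 +1,113 @@
+package middleware
+
+import (
+"net/http"
+
+"github.com/gin-gonic/gin"
+)
+
+var validAPIKeys = map[string]string{
+"ADMINAPI": "admin",
+"GUESTAPI": "guest",
+}
+
+var validSignatures = map[string]string{
+"MAILADMIN123": "admin",
+"2fc40b52-6b21-4705-a88a-4e4b674a2490": "guest",
+"967ae409-fd44-4853-ab15-4cab3a611a81": "guest",
+"99d4f94c-419d-4556-849a-3ad6a466527a": "guest",
+"ad8697db-9491-4faf-aac2-bf415de0de32": "guest",
+"f67a17ba-e1f1-4356-87f8-33ece72750cc": "guest",
+"e7b6deae-4177-45d0-b8e3-ac9f96c5427a": "guest",
+"9accd55b-b868-475c-a54b-d6cd05a46eb3": "guest",
+"8e593935-65b5-407c-9fb3-d16fbbe6bd65": "guest",
+"20d4b986-9bea-4277-923f-1a7fd107ca52": "guest",
+}
+
+func APIKeySignatureMiddleware() gin.HandlerFunc {
+return func(c *gin.Context) {
+// Ambil API key dari header X-API-Key
+apiKey := c.GetHeader("X-API-Key")
+if apiKey == "" {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "API key diperlukan dalam header X-API-Key",
+})
+return
+}
+
+roleFromAPIKey, validAPIKey := validAPIKeys[apiKey]
+if !validAPIKey {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "API key tidak valid",
+})
+c.Abort()
+return
+}
+
+signature := c.GetHeader("X-SIGNATURE")
+if signature == "" {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "Signature diperlukan dalam header X-SIGNATURE",
+})
+return
+}
+
+roleFromSignature, validSignature := validSignatures[signature]
+if !validSignature {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "Signature tidak valid",
+})
+c.Abort()
+return
+}
+
+if roleFromAPIKey != roleFromSignature {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "API key dan signature tidak sesuai",
+})
+c.Abort()
+return
+}
+
+c.Set("role", roleFromAPIKey)
+c.Next()
+}
+}
+
+func RoleMiddleware(allowedRoles ...string) gin.HandlerFunc {
+return func(c *gin.Context) {
+
+role, exists := c.Get("role")
+if !exists {
+c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+"status": "error",
+"message": "API key tidak terdeteksi",
+})
+return
+}
+
+roleStr := role.(string)
+roleAllowed := false
+for _, r := range allowedRoles {
+if r == roleStr {
+roleAllowed = true
+break
+}
+}
+
+if !roleAllowed {
+c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
+"status": "error",
+"message": "Anda tidak memiliki izin untuk mengakses resource ini",
+})
+return
+}
+
+c.Next()
+}
+}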
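Review bot: Every credential this middleware accepts is a string literal in the source — `validAPIKeys` ("ADMINAPI", "GUESTAPI") and `validSignatures` ("MAILADMIN123" plus nine UUIDs) — so anyone with read access to the repository or the built binary obtains the admin role, and rotating a leaked key needs a redeploy; load these from configuration or the environment at startup and keep the literals out of version control. The X-SIGNATURE value is a second static token rather than a signature over the request (nothing is hashed or checked against the path, body or a timestamp), so it adds no integrity or replay protection; either document it as a second shared secret or compute an HMAC over the request with a per-client key. The staged checks return distinguishable messages (`"API key tidak valid"` vs `"Signature tidak valid"` vs `"API key dan signature tidak sesuai"`), which lets a client confirm a valid API key without presenting any signature; use one generic rejection message for all three. `c.AbortWithStatusJSON` already aborts the chain, so the `c.Abort()` calls that follow it are redundant, and the `role.(string)` assertion in RoleMiddleware should use the `roleStr, ok := role.(string)` form so an unexpected value in "role" yields a 401 instead of a panic.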