package middleware
import (
	"crypto/subtle"
	"net/http"

	"github.com/gin-gonic/gin"
)
// validAPIKeys maps each accepted X-API-Key value to the role it grants.
//
// NOTE(review): these are long-lived credentials compiled into the binary and
// checked into source; rotating one requires a rebuild, and anyone with read
// access to the repository holds them. Loading them from configuration or a
// secret store would keep the same lookup semantics.
var validAPIKeys = map[string]string{
	"GUESTAPI": "guest",
	"ADMINAPI": "admin",
}
// validSignatures maps each accepted X-SIGNATURE value to the role it grants.
// The "signature" is a fixed shared secret matched by equality, not a
// cryptographic signature computed over the request.
//
// NOTE(review): as with validAPIKeys, these secrets live in source control;
// consider sourcing them from configuration or a secret store.
var validSignatures = map[string]string{
	// guest secrets
	"2fc40b52-6b21-4705-a88a-4e4b674a2490": "guest",
	"967ae409-fd44-4853-ab15-4cab3a611a81": "guest",
	"99d4f94c-419d-4556-849a-3ad6a466527a": "guest",
	"ad8697db-9491-4faf-aac2-bf415de0de32": "guest",
	"f67a17ba-e1f1-4356-87f8-33ece72750cc": "guest",
	"e7b6deae-4177-45d0-b8e3-ac9f96c5427a": "guest",
	"9accd55b-b868-475c-a54b-d6cd05a46eb3": "guest",
	"8e593935-65b5-407c-9fb3-d16fbbe6bd65": "guest",
	"20d4b986-9bea-4277-923f-1a7fd107ca52": "guest",
	// admin secret
	"MAILADMIN123": "admin",
}
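// APIKeySignatureMiddleware authenticates a request from two static credentials
// carried in headers: X-API-Key, looked up in validAPIKeys, and X-SIGNATURE,
// looked up in validSignatures. Both headers must be present, both values must
// be known, and both must resolve to the same role; any failure aborts the
// chain with 401 and a JSON body of the form {"status":"error","message":...}.
// On success the shared role is stored in the context under "role", where
// RoleMiddleware reads it.
//
// NOTE(review): the responses deliberately say which check failed (missing vs.
// unknown key, missing vs. unknown signature, mismatch). That is convenient for
// clients but also tells an unauthenticated caller whether a guessed value was
// valid; a single generic message would close that oracle at the cost of
// debuggability. The messages are kept as-is here.
func APIKeySignatureMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		apiKey := c.GetHeader("X-API-Key")
		if apiKey == "" {
			rejectUnauthorized(c, "API key diperlukan dalam header X-API-Key")
			return
		}
		roleFromAPIKey, ok := lookupRole(validAPIKeys, apiKey)
		if !ok {
			rejectUnauthorized(c, "API key tidak valid")
			return
		}

		signature := c.GetHeader("X-SIGNATURE")
		if signature == "" {
			rejectUnauthorized(c, "Signature diperlukan dalam header X-SIGNATURE")
			return
		}
		roleFromSignature, ok := lookupRole(validSignatures, signature)
		if !ok {
			rejectUnauthorized(c, "Signature tidak valid")
			return
		}

		// Both credentials must agree on the role, so a known guest key cannot
		// be combined with an admin signature (or the reverse) to change level.
		if roleFromAPIKey != roleFromSignature {
			rejectUnauthorized(c, "API key dan signature tidak sesuai")
			return
		}

		c.Set("role", roleFromAPIKey)
		c.Next()
	}
}

// lookupRole returns the role that table maps candidate to, and whether such an
// entry exists. The result is identical to a plain map lookup, but every entry
// is compared with subtle.ConstantTimeCompare and the loop never exits early,
// so the time taken does not vary with how many leading bytes of a real secret
// the candidate shares. (ConstantTimeCompare still returns immediately when the
// lengths differ, so the length of the secrets is not hidden.)
func lookupRole(table map[string]string, candidate string) (string, bool) {
	role, found := "", false
	for secret, r := range table {
		if subtle.ConstantTimeCompare([]byte(secret), []byte(candidate)) == 1 {
			role, found = r, true
		}
	}
	return role, found
}

// rejectUnauthorized aborts the handler chain with 401 and the package's
// standard error body. gin's AbortWithStatusJSON already calls Abort, so the
// extra c.Abort() the original code issued after it was redundant.
func rejectUnauthorized(c *gin.Context, message string) {
	c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
		"status":  "error",
		"message": message,
	})
}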
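// RoleMiddleware lets a request through only when the role stored in the gin
// context under "role" (set by APIKeySignatureMiddleware) is one of
// allowedRoles, compared case-sensitively. A missing or non-string role is
// answered with 401; a known role that is not in the list with 403. With no
// allowedRoles every request is rejected with 403, so a misconfigured route
// fails closed rather than open.
func RoleMiddleware(allowedRoles ...string) gin.HandlerFunc {
	// Detach from the caller's slice so later mutation of the argument cannot
	// change the policy of a handler that is already installed.
	allowed := make([]string, len(allowedRoles))
	copy(allowed, allowedRoles)

	return func(c *gin.Context) {
		// c.Get yields (nil, false) when the key is unset; the comma-ok
		// assertion then fails cleanly, where the original bare role.(string)
		// would have panicked on a nil or non-string value.
		stored, _ := c.Get("role")
		roleStr, ok := stored.(string)
		if !ok {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
				"status":  "error",
				"message": "API key tidak terdeteksi",
			})
			return
		}

		if !containsRole(allowed, roleStr) {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
				"status":  "error",
				"message": "Anda tidak memiliki izin untuk mengakses resource ini",
			})
			return
		}

		c.Next()
	}
}

// containsRole reports whether role is exactly equal to one of roles.
func containsRole(roles []string, role string) bool {
	for _, r := range roles {
		if r == role {
			return true
		}
	}
	return false
}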