wip

zarkones · zarkones · commit 3e0239526372 · 2025-08-17T14:51:52.000+02:00
diff --git a/helpers.go b/helpers.go
@@ -12,10 +12,10 @@ func AuthenticateAndAuthorize(
 	metadata *string,
 	getPublicKeyByUserID func(userID string) (*rsa.PublicKey, error),
 	getPermissionsByUserID func(userID string) ([]Permission, error),
-) (username string, permissions []Permission, reject bool) {
-	username, permissions, reject = Authenticate(w, r, getPublicKeyByUserID, getPermissionsByUserID)
+) (userID string, permissions []Permission, reject bool) {
+	userID, permissions, reject = Authenticate(w, r, getPublicKeyByUserID, getPermissionsByUserID)
 	if reject {
-		return username, permissions, reject
+		return userID, permissions, reject
 	}
 
 	if permissionKey != PERMISSION_NOT_SPECIFIED {
@@ -25,7 +25,7 @@ func AuthenticateAndAuthorize(
 		}
 	}
 
-	return username, permissions, false
+	return userID, permissions, false
 }
 
 func Authenticate(
diff --git a/permissions.go b/permissions.go
@@ -0,0 +1,49 @@
+package access
+
+import (
+	"crypto/rsa"
+	"errors"
+	"net/http"
+)
+
+var (
+	ErrEndpointNotRegistered = errors.New("endpoint not registered")
+)
+
+// Permissions = method + path (aka endpoint key) -> PermissionKey
+var Permissions = map[string]PermissionKey{}
+
+func Route(r *http.ServeMux, method, path string, permission PermissionKey, handler func(http.ResponseWriter, *http.Request)) {
+	Permissions[method+path] = permission
+	r.HandleFunc(method+" "+path, handler)
+}
+
+var HandlerGetUserPublicKey func(userID string) (*rsa.PublicKey, error)
+var HandlerGetPermissionsByUserID func(userID string) ([]Permission, error)
+
+// IsAuthorized returns error only if the process failed, not if it's not authorized.
+func IsAuthorized(w http.ResponseWriter, r *http.Request, metadata *string) (userID string, isAuthorized bool, err error) {
+	endpointKey := r.Method + r.URL.Path
+
+	permissionKey, ok := Permissions[endpointKey]
+	if !ok {
+		return "", false, ErrEndpointNotRegistered
+	}
+
+	userID, permissions, reject := AuthenticateAndAuthorize(
+		w,
+		r,
+		permissionKey,
+		metadata,
+		HandlerGetUserPublicKey,
+		HandlerGetPermissionsByUserID,
+	)
+
+	_ = permissions
+
+	if reject {
+		return userID, false, nil
+	}
+
+	return userID, true, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -12,10 +12,10 @@ func AuthenticateAndAuthorize(`
`12`	`12`	`metadata *string,`
`13`	`13`	`getPublicKeyByUserID func(userID string) (*rsa.PublicKey, error),`
`14`	`14`	`getPermissionsByUserID func(userID string) ([]Permission, error),`
`15`		`-) (username string, permissions []Permission, reject bool) {`
`16`		`- username, permissions, reject = Authenticate(w, r, getPublicKeyByUserID, getPermissionsByUserID)`
	`15`	`+) (userID string, permissions []Permission, reject bool) {`
	`16`	`+ userID, permissions, reject = Authenticate(w, r, getPublicKeyByUserID, getPermissionsByUserID)`
`17`	`17`	`if reject {`
`18`		`- return username, permissions, reject`
	`18`	`+ return userID, permissions, reject`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`if permissionKey != PERMISSION_NOT_SPECIFIED {`
`@@ -25,7 +25,7 @@ func AuthenticateAndAuthorize(`
`25`	`25`	`}`
`26`	`26`	`}`
`27`	`27`
`28`		`- return username, permissions, false`
	`28`	`+ return userID, permissions, false`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`func Authenticate(`