From aa20652abc470dd56ee09dffe4e30c7a60ae1d4a Mon Sep 17 00:00:00 2001 From: H3ALY Date: Tue, 28 Oct 2025 15:24:25 +0000 Subject: [PATCH] Moved admin only to middleware. --- internal/http/middleware/admin.go | 52 +++++++++++++++++++++++++++++ internal/storage/auditlog/create.go | 44 ------------------------ 2 files changed, 52 insertions(+), 44 deletions(-) create mode 100644 internal/http/middleware/admin.go diff --git a/internal/http/middleware/admin.go b/internal/http/middleware/admin.go new file mode 100644 index 0000000..b6bdd3b --- /dev/null +++ b/internal/http/middleware/admin.go @@ -0,0 +1,52 @@ +package middleware + +import ( + "net/http" + "time" + + httphelpers "synlotto-website/internal/helpers/http" + securityHelpers "synlotto-website/internal/helpers/security" + auditlogStorage "synlotto-website/internal/storage/auditlog" + + "synlotto-website/internal/platform/bootstrap" + + "github.com/gin-gonic/gin" +) + +func AdminOnly() gin.HandlerFunc { + return func(c *gin.Context) { + app := c.MustGet("app").(*bootstrap.App) + sm := app.SessionManager + ctx := c.Request.Context() + + v := sm.Get(ctx, "user_id") + var uid int64 + switch t := v.(type) { + case int64: + uid = t + case int: + uid = int64(t) + default: + c.Redirect(http.StatusSeeOther, "/account/login") + c.Abort() + return + } + + if !securityHelpers.IsAdmin(app.DB, int(uid)) { + c.String(http.StatusForbidden, "Forbidden") + c.Abort() + return + } + + auditlogStorage.LogAdminAccess( + app.DB, + uid, + c.Request.URL.Path, + httphelpers.ClientIP(c.Request), + c.Request.UserAgent(), + time.Now().UTC(), + ) + + c.Next() + } +} diff --git a/internal/storage/auditlog/create.go b/internal/storage/auditlog/create.go index 82b86c0..6546cf5 100644 --- a/internal/storage/auditlog/create.go +++ b/internal/storage/auditlog/create.go @@ -3,15 +3,9 @@ package storage import ( "context" "database/sql" - "net/http" "time" - securityHelpers "synlotto-website/internal/helpers/security" - "synlotto-website/internal/logging" - "synlotto-website/internal/platform/bootstrap" - - "github.com/gin-gonic/gin" ) const insertRegistrationSQL = ` @@ -20,44 +14,6 @@ const insertRegistrationSQL = ` VALUES (?, ?, ?, ?, ?, ?) ` -func AdminOnly() gin.HandlerFunc { - return func(c *gin.Context) { - app := c.MustGet("app").(*bootstrap.App) - sm := app.SessionManager - ctx := c.Request.Context() - - // Require logged in (assumes RequireAuth already ran; this is a safety net) - v := sm.Get(ctx, "user_id") - var uid int64 - switch t := v.(type) { - case int64: - uid = t - case int: - uid = int64(t) - default: - c.Redirect(http.StatusSeeOther, "/account/login") - c.Abort() - return - } - - // Check admin - if !securityHelpers.IsAdmin(app.DB, int(uid)) { - // Optional: log access attempt here or in a helper - c.String(http.StatusForbidden, "Forbidden") - c.Abort() - return - } - - // Optionally record access (moved here from storage) - _, _ = app.DB.Exec(` - INSERT INTO admin_access_log (user_id, path, ip, user_agent, accessed_at) - VALUES ($1, $2, $3, $4, $5) - `, uid, c.Request.URL.Path, c.ClientIP(), c.Request.UserAgent(), time.Now().UTC()) - - c.Next() - } -} - // Todo has to add in - db *sql.DB to make this work should this not be an import as all functions use it, more importantly no functions in storage just sql? // Handler Call - auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, ok) func LogLoginAttempt(db *sql.DB, rIP, rUA, username string, success bool) {