SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Moved admin only to middleware.

Browse Source
This commit is contained in:
Ross Healy
2025-10-28 15:24:25 +00:00
parent c9f3863a25
commit aa20652abc
2 changed files with 52 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
internal/http/middleware/admin.go Normal file
View File

@@ -0,0 +1,52 @@
package middleware
import (
"net/http"
"time"
httphelpers "synlotto-website/internal/helpers/http"
securityHelpers "synlotto-website/internal/helpers/security"
auditlogStorage "synlotto-website/internal/storage/auditlog"
"synlotto-website/internal/platform/bootstrap"
"github.com/gin-gonic/gin"
)
func AdminOnly() gin.HandlerFunc {
return func(c *gin.Context) {
app := c.MustGet("app").(*bootstrap.App)
sm := app.SessionManager
ctx := c.Request.Context()
v := sm.Get(ctx, "user_id")
var uid int64
switch t := v.(type) {
case int64:
uid = t
case int:
uid = int64(t)
default:
c.Redirect(http.StatusSeeOther, "/account/login")
c.Abort()
return
}
if !securityHelpers.IsAdmin(app.DB, int(uid)) {
c.String(http.StatusForbidden, "Forbidden")
c.Abort()
return
}
auditlogStorage.LogAdminAccess(
app.DB,
uid,
c.Request.URL.Path,
httphelpers.ClientIP(c.Request),
c.Request.UserAgent(),
time.Now().UTC(),
)
c.Next()
}
}

44
internal/storage/auditlog/create.go
View File

@@ -3,15 +3,9 @@ package storage
import ( import (
"context" "context"
"database/sql" "database/sql"
"net/http"
"time" "time"
securityHelpers "synlotto-website/internal/helpers/security"
"synlotto-website/internal/logging" "synlotto-website/internal/logging"
"synlotto-website/internal/platform/bootstrap"
"github.com/gin-gonic/gin"
) )
const insertRegistrationSQL = ` const insertRegistrationSQL = `
@@ -20,44 +14,6 @@ const insertRegistrationSQL = `
VALUES (?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?)
` `
func AdminOnly() gin.HandlerFunc {
return func(c *gin.Context) {
app := c.MustGet("app").(*bootstrap.App)
sm := app.SessionManager
ctx := c.Request.Context()
// Require logged in (assumes RequireAuth already ran; this is a safety net)
v := sm.Get(ctx, "user_id")
var uid int64
switch t := v.(type) {
case int64:
uid = t
case int:
uid = int64(t)
default:
c.Redirect(http.StatusSeeOther, "/account/login")
c.Abort()
return
}
// Check admin
if !securityHelpers.IsAdmin(app.DB, int(uid)) {
// Optional: log access attempt here or in a helper
c.String(http.StatusForbidden, "Forbidden")
c.Abort()
return
}
// Optionally record access (moved here from storage)
_, _ = app.DB.Exec(`
INSERT INTO admin_access_log (user_id, path, ip, user_agent, accessed_at)
VALUES ($1, $2, $3, $4, $5)
`, uid, c.Request.URL.Path, c.ClientIP(), c.Request.UserAgent(), time.Now().UTC())
c.Next()
}
}
// Todo has to add in - db *sql.DB to make this work should this not be an import as all functions use it, more importantly no functions in storage just sql? // Todo has to add in - db *sql.DB to make this work should this not be an import as all functions use it, more importantly no functions in storage just sql?
// Handler Call - auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, ok) // Handler Call - auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, ok)
func LogLoginAttempt(db *sql.DB, rIP, rUA, username string, success bool) { func LogLoginAttempt(db *sql.DB, rIP, rUA, username string, success bool) {