package middlewares
import (
"app/database"
"app/models"
"app/utils"
"net/http"
"strconv"
"github.com/labstack/echo/v4"
)
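// AdminOnly returns Echo middleware that forwards a request to the next
// handler only when the "authorization" cookie resolves to an existing,
// non-removed user whose stored role is "admin".
//
// Failure mapping:
//   - missing cookie, token rejected by utils.ParseToken, or a subject that
//     is not a non-negative integer: 401 Unauthorized
//   - utils.CheckUserByJwt reports false: echo.ErrNotFound
//   - stored role is not "admin": 403 Forbidden
//   - errors from utils.CheckUserByJwt or the database lookup are returned
//     unchanged
//
// Credential failures are returned as explicit HTTP errors because a plain
// error (for example http.ErrNoCookie) is not an *echo.HTTPError and, under
// Echo's default error handler, is reported as a 500 rather than as an
// authentication failure.
func AdminOnly() echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			cookie, err := c.Cookie("authorization")
			if err != nil {
				// No credential presented. The cause is kept as the internal
				// error for logging; the response body stays generic.
				return echo.NewHTTPError(http.StatusUnauthorized).SetInternal(err)
			}

			// NOTE(review): presumably ParseToken verifies the token's
			// signature and expiry before returning its subject; confirm in
			// utils, since every check below trusts the returned value.
			subject, err := utils.ParseToken(cookie.Value)
			if err != nil {
				return echo.NewHTTPError(http.StatusUnauthorized).SetInternal(err)
			}

			id, err := strconv.Atoi(subject)
			if err != nil {
				return echo.NewHTTPError(http.StatusUnauthorized).SetInternal(err)
			}
			if id < 0 {
				// uint(id) below would wrap a negative value into a large,
				// unrelated user id, so reject it before any lookup.
				return echo.ErrUnauthorized
			}

			_, known, err := utils.CheckUserByJwt(uint(id))
			if err != nil {
				return err
			}
			if !known {
				return echo.ErrNotFound
			}

			// The role is read from the database on every request rather than
			// taken from the token, so a role change or soft delete
			// (is_removed) applies to cookies that were already issued.
			user := new(models.User)
			db := database.Db()
			if err := db.Where("is_removed = ?", false).Where("user_id = ?", id).First(user).Error; err != nil {
				return err
			}

			// Only the exact role string "admin" is authorised.
			if user.Role != "admin" {
				return echo.NewHTTPError(http.StatusForbidden, "Access denied")
			}

			return next(c)
		}
	}
}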