50 lines
1.4 KiB
Go
50 lines
1.4 KiB
Go
// pkg/middleware/admin_middleware.go
|
|
package middleware
|
|
|
|
import (
|
|
"api_bb/pkg/logger"
|
|
"api_bb/pkg/utils"
|
|
"net/http"
|
|
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// AdminMiddleware проверяет, что пользователь имеет роль администратора
|
|
func AdminMiddleware(next http.Handler) http.Handler {
|
|
logger := logger.NewWrapper(logger.Get().With(zap.String("middleware", "admin")))
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
logger.Info("admin middleware check",
|
|
zap.String("method", r.Method),
|
|
zap.String("path", r.URL.Path),
|
|
zap.String("remote_addr", r.RemoteAddr),
|
|
)
|
|
|
|
// Получаем пользователя из контекста
|
|
user, ok := GetUserFromContext(r.Context())
|
|
if !ok {
|
|
logger.Warn("admin middleware failed - user not found in context")
|
|
utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required")
|
|
return
|
|
}
|
|
|
|
// Проверяем роль пользователя
|
|
if user.Role != "admin" {
|
|
logger.Warn("admin middleware failed - insufficient permissions",
|
|
zap.Uint("user_id", user.ID),
|
|
zap.String("user_role", user.Role),
|
|
zap.String("required_role", "admin"),
|
|
)
|
|
utils.RespondWithError(w, http.StatusForbidden, "Insufficient permissions: admin role required")
|
|
return
|
|
}
|
|
|
|
logger.Debug("admin middleware passed",
|
|
zap.Uint("user_id", user.ID),
|
|
zap.String("user_email", user.Email),
|
|
)
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|