4492826354
Replaces the old X-API-Token-based RequireAdmin in middleware.go with a
context-aware RequireAdmin() that runs after RequireUser, checks
user.IsAdmin, and returns 403 {"error":"not_authorized"} for non-admins
or 500 {"error":"internal_error"} if RequireUser was bypassed. Updates
server.go to mount RequireUser then RequireAdmin on the /api/admin group.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
20 lines
469 B
Go
20 lines
469 B
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
|
)
|
|
|
|
type ctxKey int
|
|
|
|
const userCtxKey ctxKey = 1
|
|
|
|
// UserFromContext returns the authenticated user placed in context by
|
|
// RequireUser. Returns false when RequireUser has not run (e.g. in tests that
|
|
// bypass the middleware, or programmer-error routing).
|
|
func UserFromContext(ctx context.Context) (dbq.User, bool) {
|
|
u, ok := ctx.Value(userCtxKey).(dbq.User)
|
|
return u, ok
|
|
}
|