package middleware import ( "net/http" "git.dustin.coffee/hobokenchicken/dumpsterChat/internal/permissions" "github.com/go-chi/chi/v5" ) // RequirePermission returns middleware that verifies the authenticated user has // the given permission bits in the server identified by the {serverID} URL // parameter. Returns 403 Forbidden if the check fails. func RequirePermission(checker *permissions.Checker, perm int64) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { userID, ok := UserIDFromContext(r.Context()) if !ok { http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized) return } serverID := chi.URLParam(r, "serverID") if serverID == "" { http.Error(w, `{"error":"serverID is required"}`, http.StatusBadRequest) return } allowed, err := checker.CheckPermission(r.Context(), serverID, userID, perm) if err != nil { http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError) return } if !allowed { http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden) return } next.ServeHTTP(w, r) }) } }