39 lines
836 B
Go
39 lines
836 B
Go
//go:build ignore
|
|
// +build ignore
|
|
|
|
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"stream.api/internal/database/model"
|
|
"stream.api/pkg/response"
|
|
)
|
|
|
|
// RequireAdmin returns a Gin middleware that blocks non-admin users.
|
|
// Must be placed after the auth middleware so "user" is set in the context.
|
|
func RequireAdmin() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
userValue, exists := c.Get("user")
|
|
if !exists {
|
|
response.Error(c, http.StatusUnauthorized, "Unauthorized")
|
|
return
|
|
}
|
|
|
|
user, ok := userValue.(*model.User)
|
|
if !ok || user == nil {
|
|
response.Error(c, http.StatusUnauthorized, "Unauthorized")
|
|
return
|
|
}
|
|
|
|
if user.Role == nil || strings.ToUpper(*user.Role) != "ADMIN" {
|
|
response.Error(c, http.StatusForbidden, "Admin access required")
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|