
package middleware
import (
"context"
"net/http"
"github.com/ultisuite/ulti-backend/internal/api/apiresponse"
"github.com/ultisuite/ulti-backend/internal/apitokens"
)
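// MailScopeAccountIDs reports which mail accounts the caller may act on.
//
// It returns nil when every mail account is allowed: either no API token is
// attached to ctx (the original comment calls this the session case) or the
// token's mail scope is marked AllAccounts. Otherwise it returns a copy of
// the explicit account IDs the token authorizes.
//
// Because callers read nil as "unrestricted", a scoped token must never be
// reported as nil. A token whose scope lists no accounts therefore yields an
// empty, non-nil slice: it has access to nothing and callers must fail
// closed. Returning a copy also keeps callers from mutating the token's
// scope through the returned slice.
func MailScopeAccountIDs(ctx context.Context) []string {
	auth := ApiTokenFromContext(ctx)
	if auth == nil || auth.MailScope.AllAccounts {
		return nil
	}
	// Always non-nil: an empty scope must not collapse into the
	// "all accounts" signal that nil carries.
	ids := make([]string, 0, len(auth.MailScope.AccountIDs))
	return append(ids, auth.MailScope.AccountIDs...)
}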
// DenyIfMailAccountOutOfScope enforces an API token's mail scope for a
// single account. It returns true, having already written a 403
// CodeAuthForbidden response, when the request carries an API token that
// does not allow accountID. It returns false, and writes nothing, when no
// API token is on the request context or when the token allows the
// account.
//
// An empty accountID is never checked and is always let through.
// NOTE(review): a handler that maps "" to a default account, or to all
// accounts, would bypass the token scope here; confirm every caller passes
// a concrete ID whenever a token may be present.
func DenyIfMailAccountOutOfScope(w http.ResponseWriter, r *http.Request, accountID string) bool {
	token := ApiTokenFromContext(r.Context())
	switch {
	case token == nil, accountID == "":
		return false
	case apitokens.AllowsMailAccount(token, accountID):
		return false
	}
	apiresponse.WriteError(w, r, http.StatusForbidden, apiresponse.CodeAuthForbidden, "mail account out of token scope", nil)
	return true
}
// DenyIfDrivePathOutOfScope enforces an API token's drive scope over one or
// more paths. Paths are checked in the order given; the first one the token
// does not allow produces a 403 CodeAuthForbidden response and a true
// return, and later paths are not examined. It returns false without
// writing anything when no API token is on the request context, when no
// paths are given, or when the token allows every path.
//
// Empty strings in paths are skipped rather than checked.
// NOTE(review): if the drive layer treats "" as the root directory, an
// empty path would escape the scope check here; confirm callers normalise
// paths before calling.
func DenyIfDrivePathOutOfScope(w http.ResponseWriter, r *http.Request, paths ...string) bool {
	token := ApiTokenFromContext(r.Context())
	if token == nil {
		return false
	}
	for _, candidate := range paths {
		if candidate == "" || apitokens.AllowsDrivePath(token, candidate) {
			continue
		}
		apiresponse.WriteError(w, r, http.StatusForbidden, apiresponse.CodeAuthForbidden, "drive path out of token scope", nil)
		return true
	}
	return false
}