Updated scopes

djthorpe · djthorpe · commit 201ca3969a28 · 2024-06-05T09:41:45.000+02:00
diff --git a/pkg/handler/auth/client/client_test.go b/pkg/handler/auth/client/client_test.go
@@ -78,7 +78,7 @@ func Test_client_003(t *testing.T) {
 func Test_client_004(t *testing.T) {
 	assert := assert.New(t)
 	opts := []client.ClientOpt{
-		client.OptTrace(os.Stderr, true),
+		client.OptTrace(os.Stderr, false),
 	}
 	if token := GetToken(t); token != "" {
 		opts = append(opts, client.OptReqToken(client.Token{
diff --git a/pkg/handler/auth/middleware.go b/pkg/handler/auth/middleware.go
@@ -7,6 +7,7 @@ import (
 
 	// Packages
 	"github.com/mutablelogic/go-server"
+	"github.com/mutablelogic/go-server/pkg/handler/router"
 	"github.com/mutablelogic/go-server/pkg/httpresponse"
 )
 
@@ -52,13 +53,12 @@ func (middleware *auth) Wrap(ctx context.Context, next http.HandlerFunc) http.Ha
 		} else if !token.IsValid() {
 			authorized = false
 		} else if token.IsScope(ScopeRoot) {
-			// Allow
-		} else {
-			// TODO: Get scope for the route
-			var allowedScopes = []string{}
-			if token.IsScope(allowedScopes...) {
-				authorized = true
-			}
+			// Allow - token is a super-user token
+		} else if allowedScopes := router.Scope(r.Context()); len(allowedScopes) == 0 {
+			// Allow - no scopes have been defined on this endpoint
+		} else if !token.IsScope(allowedScopes...) {
+			// Deny - token does not have the required scopes
+			authorized = false
 		}
 
 		// Return unauthorized if token is not found or not valid

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ func Test_client_003(t *testing.T) {`
`78`	`78`	`func Test_client_004(t *testing.T) {`
`79`	`79`	`assert := assert.New(t)`
`80`	`80`	`opts := []client.ClientOpt{`
`81`		`- client.OptTrace(os.Stderr, true),`
	`81`	`+ client.OptTrace(os.Stderr, false),`
`82`	`82`	`}`
`83`	`83`	`if token := GetToken(t); token != "" {`
`84`	`84`	`opts = append(opts, client.OptReqToken(client.Token{`