Achim Rohn
144 lines
4.2 KiB
Go
144 lines
4.2 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"git.gorlug.de/code/ersteller/schema/ent/example/ent"
|
|
"git.gorlug.de/code/ersteller/schema/ent/example/ent/group"
|
|
"git.gorlug.de/code/ersteller/schema/ent/example/ent/todo"
|
|
"git.gorlug.de/code/ersteller/schema/ent/example/ent/user"
|
|
"log"
|
|
"time"
|
|
|
|
_ "github.com/mattn/go-sqlite3"
|
|
)
|
|
|
|
func main() {
|
|
//client, err := ent.Open("sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
|
|
client, err := ent.Open("sqlite3", "/tmp/ersteller_ent_example.db?_fk=1",
|
|
ent.Log(log.Println), ent.Debug())
|
|
if err != nil {
|
|
log.Fatalf("failed opening connection to sqlite: %v", err)
|
|
}
|
|
log.Println("client", client)
|
|
defer client.Close()
|
|
|
|
// Add authorization interceptor for Todo queries
|
|
client.Todo.Intercept(TodoAuthorizationInterceptor())
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), time.Minute*5)
|
|
defer cancel()
|
|
|
|
if err := client.Schema.Create(ctx); err != nil {
|
|
log.Fatalf("failed creating schema resources: %v", err)
|
|
}
|
|
|
|
testGroup, err := client.Group.Create().SetName("Test").Save(ctx)
|
|
if err != nil {
|
|
log.Fatalf("failed creating group: %w", err)
|
|
}
|
|
u, err := client.User.
|
|
Create().
|
|
SetEmail("something@gorlug.de").
|
|
SetPassword("uhoh").
|
|
AddGroup(testGroup).
|
|
Save(ctx)
|
|
if err != nil {
|
|
log.Fatalf("failed creating user: %w", err)
|
|
}
|
|
log.Println("user was created: ", u)
|
|
|
|
//time.Sleep(time.Second * 1)
|
|
//u, err = client.User.UpdateOneID(u.ID).SetPassword("wtf").Save(ctx)
|
|
//if err != nil {
|
|
// log.Fatalf("failed updating user: %w", err)
|
|
//}j
|
|
//log.Println("user was updated", u)
|
|
query := client.User.Query()
|
|
users, nextId, hasNext, err := query.PaginateAfterID(ctx, 0, 2)
|
|
if err != nil {
|
|
log.Fatalf("failed listing users: %w", err)
|
|
}
|
|
if hasNext {
|
|
log.Println("next id", nextId)
|
|
for _, u := range users {
|
|
log.Println("user", u.ID, u.Email, u.Password)
|
|
}
|
|
}
|
|
users, nextId, hasNext, err = query.PaginateAfterID(ctx, nextId, 2)
|
|
if err != nil {
|
|
log.Fatalf("failed listing users: %w", err)
|
|
}
|
|
if hasNext {
|
|
log.Println("2 next id", nextId)
|
|
for _, u := range users {
|
|
log.Println("2 user", u.ID, u.Email, u.Password)
|
|
}
|
|
}
|
|
|
|
todoItem, err := client.Todo.Create().SetTitle("test").
|
|
SetGroup(testGroup).Save(ctx)
|
|
if err != nil {
|
|
log.Fatalf("failed to create todo", err)
|
|
}
|
|
|
|
// Add user ID to context for authorization
|
|
authorizedCtx := context.WithValue(ctx, UserIDKey, u.ID)
|
|
|
|
// This should work - user is in the group
|
|
retrievedTodo, err := client.Todo.Get(authorizedCtx, todoItem.ID)
|
|
if err != nil {
|
|
log.Fatalf("failed getting todo with authorization: %v", err)
|
|
}
|
|
log.Println("retrieved todo:", retrievedTodo)
|
|
|
|
// This should fail - no user ID in context
|
|
_, err = client.Todo.Get(ctx, todoItem.ID)
|
|
if err != nil {
|
|
log.Println("expected authorization error:", err)
|
|
}
|
|
|
|
secondGroup, err := client.Group.Create().SetName("second").Save(ctx)
|
|
if err != nil {
|
|
log.Fatalf("failed creating group: %w", err)
|
|
}
|
|
secondUser, err := client.User.Create().SetEmail("abc@def.de").AddGroup(secondGroup).Save(ctx)
|
|
if err != nil {
|
|
log.Fatalf("failed creating user: %w", err)
|
|
}
|
|
|
|
// Add user ID to context for authorization
|
|
secondUserAuthorizedCtx := context.WithValue(ctx, UserIDKey, secondUser.ID)
|
|
_, err = client.Todo.Get(secondUserAuthorizedCtx, todoItem.ID)
|
|
if err != nil {
|
|
log.Println("expected authorization error:", err)
|
|
}
|
|
}
|
|
|
|
// UserIDKey is used to store user ID in context
|
|
type contextKey string
|
|
|
|
const UserIDKey = contextKey("userID")
|
|
|
|
// TodoAuthorizationInterceptor returns an interceptor that enforces user authorization for todos
|
|
func TodoAuthorizationInterceptor() ent.Interceptor {
|
|
return ent.InterceptFunc(func(next ent.Querier) ent.Querier {
|
|
return ent.QuerierFunc(func(ctx context.Context, query ent.Query) (ent.Value, error) {
|
|
// Get user ID from context
|
|
userID, ok := ctx.Value(UserIDKey).(int)
|
|
if !ok {
|
|
return nil, fmt.Errorf("user ID is required in context for todo operations")
|
|
}
|
|
|
|
// Cast to TodoQuery to add authorization filter
|
|
if tq, ok := query.(*ent.TodoQuery); ok {
|
|
// Add predicate to ensure user is in the same group as the todo
|
|
tq = tq.Where(todo.HasGroupWith(group.HasUsersWith(user.ID(userID))))
|
|
return next.Query(ctx, tq)
|
|
}
|
|
|
|
return next.Query(ctx, query)
|
|
})
|
|
})
|
|
}
|