(ctx context.Context)
| 45 | } |
| 46 | |
| 47 | func (a *API) requireAdmin(ctx context.Context) (context.Context, error) { |
| 48 | // Find the administrative user |
| 49 | claims := getClaims(ctx) |
| 50 | if claims == nil { |
| 51 | return nil, apierrors.NewForbiddenError(apierrors.ErrorCodeBadJWT, "Invalid token") |
| 52 | } |
| 53 | |
| 54 | adminRoles := a.config.JWT.AdminRoles |
| 55 | |
| 56 | if slices.Contains(adminRoles, claims.Role) { |
| 57 | // successful authentication |
| 58 | return withAdminUser(ctx, &models.User{Role: claims.Role, Email: storage.NullString(claims.Role)}), nil |
| 59 | } |
| 60 | |
| 61 | return nil, apierrors.NewForbiddenError(apierrors.ErrorCodeNotAdmin, "User not allowed"). |
| 62 | WithInternalMessage( |
| 63 | "this token needs to have one of the following roles: %v", |
| 64 | strings.Join(adminRoles, ", ")) |
| 65 | } |
| 66 | |
| 67 | func (a *API) extractBearerToken(r *http.Request) (string, error) { |
| 68 | authHeader := r.Header.Get("Authorization") |
no test coverage detected