MCPcopy Index your code
hub / github.com/supabase/auth / requireAdmin

Method requireAdmin

internal/api/auth.go:47–65  ·  view source on GitHub ↗
(ctx context.Context)

Source from the content-addressed store, hash-verified

45}
46
47func (a *API) requireAdmin(ctx context.Context) (context.Context, error) {
48 // Find the administrative user
49 claims := getClaims(ctx)
50 if claims == nil {
51 return nil, apierrors.NewForbiddenError(apierrors.ErrorCodeBadJWT, "Invalid token")
52 }
53
54 adminRoles := a.config.JWT.AdminRoles
55
56 if slices.Contains(adminRoles, claims.Role) {
57 // successful authentication
58 return withAdminUser(ctx, &models.User{Role: claims.Role, Email: storage.NullString(claims.Role)}), nil
59 }
60
61 return nil, apierrors.NewForbiddenError(apierrors.ErrorCodeNotAdmin, "User not allowed").
62 WithInternalMessage(
63 "this token needs to have one of the following roles: %v",
64 strings.Join(adminRoles, ", "))
65}
66
67func (a *API) extractBearerToken(r *http.Request) (string, error) {
68 authHeader := r.Header.Get("Authorization")

Callers 1

Calls 6

NewForbiddenErrorFunction · 0.92
NullStringTypeAlias · 0.92
getClaimsFunction · 0.85
withAdminUserFunction · 0.85
ContainsMethod · 0.80
WithInternalMessageMethod · 0.45

Tested by

no test coverage detected