From 1a4db87c73f323d3fda967b8ff93f8deeccc1611 Mon Sep 17 00:00:00 2001
From: masoodk <keshvari.developer@gmail.com>
Date: Wed, 17 Jan 2024 11:16:57 +0330
Subject: [PATCH] feat(middleware): add benefactor authorization middleware

---
 .../benefactor/kind_box_req/route.go          |  4 +++-
 .../middleware/benefactor_authorization.go    | 23 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 delivery/http_server/middleware/benefactor_authorization.go

diff --git a/delivery/http_server/benefactor/kind_box_req/route.go b/delivery/http_server/benefactor/kind_box_req/route.go
index eb3c550..a5b9b08 100644
--- a/delivery/http_server/benefactor/kind_box_req/route.go
+++ b/delivery/http_server/benefactor/kind_box_req/route.go
@@ -2,13 +2,15 @@ package benefactorkindboxreqhandler
 
 import (
 	"git.gocasts.ir/ebhomengo/niki/delivery/http_server/middleware"
+	"git.gocasts.ir/ebhomengo/niki/entity"
 	echo "github.com/labstack/echo/v4"
 )
 
 func (h Handler) SetRoutes(e *echo.Echo) {
 	r := e.Group("/benefactor/kindboxreqs")
 
-	r.POST("/", h.Add, middleware.Auth(h.authSvc, h.authConfig))
+	r.POST("/", h.Add, middleware.Auth(h.authSvc, h.authConfig),
+		middleware.BenefactorAuthorization(entity.UserBenefactorRole))
 	//nolint:gocritic
 	// r.GET("/:id", h.Get)
 	// r.GET("/", h.GetAll)
diff --git a/delivery/http_server/middleware/benefactor_authorization.go b/delivery/http_server/middleware/benefactor_authorization.go
new file mode 100644
index 0000000..547b7fa
--- /dev/null
+++ b/delivery/http_server/middleware/benefactor_authorization.go
@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"net/http"
+
+	"git.gocasts.ir/ebhomengo/niki/entity"
+	"git.gocasts.ir/ebhomengo/niki/pkg/claim"
+	errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
+	"github.com/labstack/echo/v4"
+)
+
+func BenefactorAuthorization(role entity.UserRole) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			claims := claim.GetClaimsFromEchoContext(c)
+			if claims.Role != role {
+				return c.JSON(http.StatusForbidden, echo.Map{"message": errmsg.ErrorMsgUserNotAllowed})
+			}
+
+			return next(c)
+		}
+	}
+}