kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

감사로그 수행자 표시

Browse Source
This commit is contained in:
김용연
2026-05-15 11:13:25 +09:00
parent 0bf8089120
commit 94f33a0a64
4 changed files with 169 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/internal/middleware/rbac.go
View File

@@ -20,6 +20,16 @@ type AuthProfileProvider interface {
GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error)
}
func setAuditUserContext(c *fiber.Ctx, profile *domain.UserProfileResponse) {
if profile == nil || profile.ID == "" {
return
}
if existingUserID, _ := c.Locals("user_id").(string); existingUserID != "" {
return
}
c.Locals("user_id", profile.ID)
}
// RequireKetoPermission enforces permissions using Ory Keto (ReBAC)
func RequireKetoPermission(config RBACConfig, namespace, relation string) fiber.Handler {
return func(c *fiber.Ctx) error {
@@ -30,6 +40,7 @@ func RequireKetoPermission(config RBACConfig, namespace, relation string) fiber.
// Store profile in locals for further use in handlers
c.Locals("user_profile", profile)
setAuditUserContext(c, profile)
role := domain.NormalizeRole(profile.Role)
@@ -92,6 +103,7 @@ func RequireRole(config RBACConfig) fiber.Handler {
// Store profile in locals for further use in handlers
c.Locals("user_profile", profile)
setAuditUserContext(c, profile)
userRole := domain.NormalizeRole(profile.Role)
@@ -139,6 +151,7 @@ func RequireTenantMatch(config RBACConfig) fiber.Handler {
// Store profile in locals for further use in handlers
c.Locals("user_profile", profile)
setAuditUserContext(c, profile)
userRole := domain.NormalizeRole(profile.Role)