Routes
Now we're ready to start with the real implementation.
We'll start by adding code to the routes (controllers) that will check if the user has access to perform the actions.
Before we start with that, we need to change the webserver so that it passes the Cerberus access token to the context. (The access token will later be generated by the backend using the API key and secret, then passed to the frontend, which includes it with each request.)
In the 'internal/server/webserver.go' file, change the code so it looks like:
    cerberusTokenPair := cerberus.TokenPair{
        AccessToken:  c.GetHeader("CerberusAccessToken"),
        RefreshToken: c.GetHeader("CerberusRefreshToken"),
    }
    // Set userId and cerberusToken for route handlers
    c.Set("userId", userId)
    c.Set("accountId", accountId)
    c.Set("cerberusTokenPair", cerberusTokenPair)
    c.Next()

Also change the cors configuration below:

    corsConfig.AllowHeaders = []string{"Content-Type", "Authorization", "CerberusAccessToken", "CerberusRefreshToken"}

All changes below are in the 'internal/routes' folder.
Change the 'projects.go' file so that the struct and constructor looks like:
Then, change the 'Create' function so it has the following code:
Now change the 'Get' function to include:
And the 'Delete' function:
You should get the idea by now, and might even take a stab at completing the other routes, but we'll include the solution here anyway.
Next up is the 'sprints.go' file.
Change the 'Create' function to include:
And the 'Start' function:
And the 'End' function:
And lastly, the 'Get' function:
Next is the 'stories.go' file.
The 'Create' function:
The 'Get' function:
The 'Estimate' function:
The 'ChangeStatus' function:
The 'Assign' function:
And lastly, the 'users.go' file.
In the 'Add' function:
As you can see, all that's required to protect the app is to add a 'HasAccess' check to every controller function we want to protect.
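The same pattern, as an added example that is not the tutorial's own code: the two Cerberus headers are copied into the request context and every protected handler runs a HasAccess check before doing any work, failing closed when the token is missing or the check errors. It uses net/http instead of Gin so it runs stand-alone, and the AccessChecker interface, the resource id and the action name are assumptions standing in for the real Cerberus client call.

```go
package main

import (
	"context"
	"net/http"
)

// TokenPair mirrors the shape the tutorial stores in the request context.
type TokenPair struct {
	AccessToken  string
	RefreshToken string
}

// AccessChecker is an assumed abstraction over the Cerberus client's
// HasAccess call; the real SDK signature may differ.
type AccessChecker interface {
	HasAccess(ctx context.Context, tp TokenPair, resourceID, action string) (bool, error)
}

type ctxKey string
const tokenPairKey ctxKey = "cerberusTokenPair"

// WithCerberusTokens copies the two Cerberus headers into the request context,
// the net/http equivalent of the c.Set(...) calls in webserver.go.
func WithCerberusTokens(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tp := TokenPair{
			AccessToken:  r.Header.Get("CerberusAccessToken"),
			RefreshToken: r.Header.Get("CerberusRefreshToken"),
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), tokenPairKey, tp)))
	})
}

// RequireAccess is the per-handler HasAccess check. It fails closed: a missing
// token pair or a checker error is treated as a denial, never as access.
func RequireAccess(checker AccessChecker, resourceID, action string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		tp, ok := r.Context().Value(tokenPairKey).(TokenPair)
		if !ok || tp.AccessToken == "" {
			http.Error(w, "missing Cerberus access token", http.StatusUnauthorized)
			return
		}
		allowed, err := checker.HasAccess(r.Context(), tp, resourceID, action)
		if err != nil || !allowed {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}
```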
Our routes now have different constructors, and we'll need to update the 'cmd/api/api.go' file:
And also, the 'privateRoutes' function: