feat: disable/enable users (#437)

Co-authored-by: Elias Schneider <login@eliasschneider.com>
2026-03-30 03:06:37 +00:00 · 2025-04-18 10:38:50 -05:00
parent 56a8b5d0c0
commit c843a60131
24 changed files with 245 additions and 56 deletions
--- a/backend/internal/middleware/api_key_auth.go
+++ b/backend/internal/middleware/api_key_auth.go
@@ -41,7 +41,10 @@ func (m *ApiKeyAuthMiddleware) Verify(c *gin.Context, adminRequired bool) (userI
 		return "", false, &common.NotSignedInError{}
 	}

-	// Check if the user is an admin
+	if user.Disabled {
+		return "", false, &common.UserDisabledError{}
+	}
+
 	if adminRequired && !user.IsAdmin {
 		return "", false, &common.MissingPermissionError{}
 	}
--- a/backend/internal/middleware/auth_middleware.go
+++ b/backend/internal/middleware/auth_middleware.go
@@ -19,11 +19,12 @@ type AuthOptions struct {

 func NewAuthMiddleware(
 	apiKeyService *service.ApiKeyService,
+	userService *service.UserService,
 	jwtService *service.JwtService,
 ) *AuthMiddleware {
 	return &AuthMiddleware{
 		apiKeyMiddleware: NewApiKeyAuthMiddleware(apiKeyService, jwtService),
-		jwtMiddleware:    NewJwtAuthMiddleware(jwtService),
+		jwtMiddleware:    NewJwtAuthMiddleware(jwtService, userService),
 		options: AuthOptions{
 			AdminRequired:   true,
 			SuccessOptional: false,
@@ -57,12 +58,13 @@ func (m *AuthMiddleware) WithSuccessOptional() *AuthMiddleware {

 func (m *AuthMiddleware) Add() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// First try JWT auth
 		userID, isAdmin, err := m.jwtMiddleware.Verify(c, m.options.AdminRequired)
 		if err == nil {
-			// JWT auth succeeded, continue with the request
 			c.Set("userID", userID)
 			c.Set("userIsAdmin", isAdmin)
+			if c.IsAborted() {
+				return
+			}
 			c.Next()
 			return
 		}
@@ -70,9 +72,11 @@ func (m *AuthMiddleware) Add() gin.HandlerFunc {
 		// JWT auth failed, try API key auth
 		userID, isAdmin, err = m.apiKeyMiddleware.Verify(c, m.options.AdminRequired)
 		if err == nil {
-			// API key auth succeeded, continue with the request
 			c.Set("userID", userID)
 			c.Set("userIsAdmin", isAdmin)
+			if c.IsAborted() {
+				return
+			}
 			c.Next()
 			return
 		}
--- a/backend/internal/middleware/jwt_auth.go
+++ b/backend/internal/middleware/jwt_auth.go
@@ -10,11 +10,12 @@ import (
 )

 type JwtAuthMiddleware struct {
-	jwtService *service.JwtService
+	userService *service.UserService
+	jwtService  *service.JwtService
 }

-func NewJwtAuthMiddleware(jwtService *service.JwtService) *JwtAuthMiddleware {
-	return &JwtAuthMiddleware{jwtService: jwtService}
+func NewJwtAuthMiddleware(jwtService *service.JwtService, userService *service.UserService) *JwtAuthMiddleware {
+	return &JwtAuthMiddleware{jwtService: jwtService, userService: userService}
 }

 func (m *JwtAuthMiddleware) Add(adminRequired bool) gin.HandlerFunc {
@@ -55,12 +56,16 @@ func (m *JwtAuthMiddleware) Verify(c *gin.Context, adminRequired bool) (subject
 		return
 	}

-	// Check if the user is an admin
-	isAdmin, err = service.GetIsAdmin(token)
+	user, err := m.userService.GetUser(c, subject)
 	if err != nil {
-		return "", false, &common.TokenInvalidError{}
+		return "", false, &common.NotSignedInError{}
 	}
-	if adminRequired && !isAdmin {
+
+	if user.Disabled {
+		return "", false, &common.UserDisabledError{}
+	}
+
+	if adminRequired && !user.IsAdmin {
 		return "", false, &common.MissingPermissionError{}
 	}