github.com/fragmenta/fragmenta-cms@v1.5.5/src/app/auth.go

github.com/fragmenta/fragmenta-cms@v1.5.5/src/app/auth.go (about)

     1  package app
     2  
     3  import (
     4  	"github.com/fragmenta/auth"
     5  	"github.com/fragmenta/auth/can"
     6  	"github.com/fragmenta/server/config"
     7  
     8  	"github.com/fragmenta/fragmenta-cms/src/users"
     9  )
    10  
    11  // SetupAuth sets up the auth pkg and authorisation for users
    12  func SetupAuth() {
    13  
    14  	// Set up the auth package with our secrets from config
    15  	auth.HMACKey = auth.HexToBytes(config.Get("hmac_key"))
    16  	auth.SecretKey = auth.HexToBytes(config.Get("secret_key"))
    17  	auth.SessionName = config.Get("session_name")
    18  
    19  	// Enable https cookies on production server - everyone should be on https
    20  	if config.Production() {
    21  		auth.SecureCookies = true
    22  	}
    23  
    24  	// Set up our authorisation for user roles on resources using can pkg
    25  
    26  	// Admins are allowed to manage all resources
    27  	can.Authorise(users.Admin, can.ManageResource, can.Anything)
    28  
    29  	// Editors may edit their user
    30  	can.AuthoriseOwner(users.Editor, can.UpdateResource, users.TableName)
    31  	// ...
    32  
    33  	// Readers may edit their user
    34  	can.AuthoriseOwner(users.Reader, can.UpdateResource, users.TableName)
    35  
    36  }