fix: Role checking will actually check the role now

enum-gg · Aug 11, 2023 · e5949d9 · e5949d9
1 parent bb683f6
commit e5949d9
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 13 deletions.
diff --git a/internal/discord/types.go b/internal/discord/types.go
@@ -59,17 +59,17 @@ type User struct {
 }
 
 type GuildMemberResponse struct {
-	User                       User          `json:"user"`
-	Nick                       string        `json:"nick"`
-	Avatar                     interface{}   `json:"avatar"`
-	Roles                      []interface{} `json:"roles"`
-	JoinedAt                   time.Time     `json:"joined_at"`
-	PremiumSince               *time.Time    `json:"premiumSince"`
-	Deaf                       bool          `json:"deaf"`
-	Mute                       bool          `json:"mute"`
-	Pending                    *bool         `json:"pending"`
-	Permissions                *string       `json:"permissions"`
-	CommunicationDisabledUntil *time.Time    `json:"communication_disabled_until"`
+	User                       User        `json:"user"`
+	Nick                       string      `json:"nick"`
+	Avatar                     interface{} `json:"avatar"`
+	Roles                      []string    `json:"roles"`
+	JoinedAt                   time.Time   `json:"joined_at"`
+	PremiumSince               *time.Time  `json:"premiumSince"`
+	Deaf                       bool        `json:"deaf"`
+	Mute                       bool        `json:"mute"`
+	Pending                    *bool       `json:"pending"`
+	Permissions                *string     `json:"permissions"`
+	CommunicationDisabledUntil *time.Time  `json:"communication_disabled_until"`
 }
 
 type ErrorResponse struct {

diff --git a/module_callback.go b/module_callback.go
@@ -130,13 +130,23 @@ func (d DiscordAuthPlugin) ServeHTTP(w http.ResponseWriter, r *http.Request, _ c
 
 	for _, rule := range realm.Identifiers {
 		if ResourceRequiresGuild(rule.Resource) {
-			_, err := client.FetchGuildMembership(rule.GuildID)
+			guildMembership, err := client.FetchGuildMembership(rule.GuildID)
 			if err != nil {
 				continue
 				// TODO: check error type - probably not a member of guild...
 			}
 
-			// TODO assert guildMember has data
+			if rule.Resource == DiscordRoleRule {
+				matchedRole := RoleChecker(rule.Identifier, guildMembership.Roles)
+
+				// Found a valid role assigned.
+				if matchedRole != "" {
+					allowed = true
+				}
+
+				break
+			}
+
 			allowed = true
 		} else if rule.Resource == DiscordUserRule && rule.Wildcard == false && rule.Identifier == identity.ID {
 			allowed = true
@@ -190,3 +200,13 @@ func (d DiscordAuthPlugin) ServeHTTP(w http.ResponseWriter, r *http.Request, _ c
 
 	return nil
 }
+
+func RoleChecker(desiredRoleID string, roles []string) string {
+	for _, role := range roles {
+		if role == desiredRoleID {
+			return role
+		}
+	}
+
+	return ""
+}