---
title: Enforce Authorization At Trusted Service Layer
impact: CRITICAL
impactDescription: prevents client-side authorization bypass
tags: authorization, server-side, middleware, access-control, security
---

## Enforce Authorization At Trusted Service Layer

Client-side authorization can be bypassed. All permission checks must occur server-side where they cannot be manipulated.

**Incorrect (client-side or trusting client data):**

```go
// Trusting a client-sent role: the caller can set role=admin in the request body
func deleteUserHandler(w http.ResponseWriter, r *http.Request) {
    userRole := r.FormValue("role") // From client!
    if userRole == "admin" {
        deleteUser(r.FormValue("id"))
    }
}
```

**Correct (server-side authorization middleware):**

```go
// getUserFromToken and checkPermission are the application's own lookups;
// both must resolve against server-side state (session store, database),
// never against anything the client asserts about itself.
func authMiddleware(requiredRole string, next http.HandlerFunc) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        // Authenticate: the only client input used is the token itself
        token := r.Header.Get("Authorization")
        user, err := getUserFromToken(token)
        if err != nil {
            http.Error(w, "Unauthorized", http.StatusUnauthorized)
            return
        }

        // Authorize: the decision uses the server's view of this user, not a client-sent role
        if !checkPermission(user.ID, requiredRole) {
            http.Error(w, "Forbidden", http.StatusForbidden)
            return
        }

        next.ServeHTTP(w, r)
    }
}

// Router usage (inside main or a route-setup function)
func registerRoutes() {
    http.HandleFunc("/users/delete", authMiddleware("admin", deleteUserHandler))
}
```
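As an added, self-contained example (not code from the original rule file): the middleware pattern above with the token lookup stubbed by an in-memory session map, plus a helper that issues requests and shows that a client-supplied `role` query parameter has no effect on the outcome. The `sessions` map, `roleFromToken`, `requireRole` and `StatusFor` are constructed for this example.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)

// sessions stands in for the server-side session store that maps a bearer
// token to the role the server assigned at login (constructed sample data).
var sessions = map[string]string{
	"tok-alice": "admin",
	"tok-bob":   "user",
}

// roleFromToken resolves the caller's role from server-side state only;
// nothing the client sends besides the token influences the answer.
func roleFromToken(authHeader string) (string, bool) {
	const prefix = "Bearer "
	if !strings.HasPrefix(authHeader, prefix) {
		return "", false
	}
	role, ok := sessions[strings.TrimPrefix(authHeader, prefix)]
	return role, ok
}

// requireRole runs next only when the server-known role matches required.
func requireRole(required string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		role, ok := roleFromToken(r.Header.Get("Authorization"))
		if !ok {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		if role != required {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	}
}

func deleteUserHandler(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) }

// StatusFor sends a delete request carrying the given token plus a
// client-claimed ?role= parameter and returns the resulting HTTP status.
func StatusFor(token, claimedRole string) int {
	req := httptest.NewRequest(http.MethodPost, "/users/delete?role="+claimedRole+"&id=u2", nil)
	req.Header.Set("Authorization", "Bearer "+token) // empty token -> unknown session
	rec := httptest.NewRecorder()
	requireRole("admin", deleteUserHandler).ServeHTTP(rec, req)
	return rec.Code
}
```

Bob's request claims `role=admin` but still receives 403, because the middleware never reads that parameter.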

**Never trust:**
- Client-side JavaScript checks
- Hidden form fields
- URL parameters for access control
- Unvalidated tokens from browser storage

**Tools:** Manual Review, Static Analysis, Penetration Testing
