feat: auth middleware

This commit is contained in:
2025-05-19 16:36:19 +02:00
parent cb91a10192
commit d50bd6c4f5
2 changed files with 61 additions and 1 deletions

View File

@ -7,6 +7,8 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"gitea.local/admin/hspguard/internal/auth"
imiddleware "gitea.local/admin/hspguard/internal/middleware"
"gitea.local/admin/hspguard/internal/repository" "gitea.local/admin/hspguard/internal/repository"
"gitea.local/admin/hspguard/internal/user" "gitea.local/admin/hspguard/internal/user"
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
@ -34,8 +36,13 @@ func (s *APIServer) Run() error {
FileServer(router, "/static", staticDir) FileServer(router, "/static", staticDir)
router.Route("/api/v1", func(r chi.Router) { router.Route("/api/v1", func(r chi.Router) {
r.Use(imiddleware.WithSkipper(imiddleware.AuthMiddleware, "/api/v1/login", "/api/v1/register"))
userHandler := user.NewUserHandler(s.repo) userHandler := user.NewUserHandler(s.repo)
userHandler.RegisterRoutes(router, r) userHandler.RegisterRoutes(router, r)
authHandler := auth.NewAuthHandler(s.repo)
authHandler.RegisterRoutes(router, r)
}) })
// Handle unknown routes // Handle unknown routes
@ -48,7 +55,7 @@ func (s *APIServer) Run() error {
router.MethodNotAllowed(func(w http.ResponseWriter, r *http.Request) { router.MethodNotAllowed(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusMethodNotAllowed) w.WriteHeader(http.StatusMethodNotAllowed)
fmt.Fprint(w, `{"error": "405 - method not allowed"}`) _, _ = fmt.Fprint(w, `{"error": "405 - method not allowed"}`)
}) })
log.Println("Listening on", s.addr) log.Println("Listening on", s.addr)

View File

@ -0,0 +1,53 @@
package middleware
import (
"context"
"fmt"
"net/http"
"strings"
"gitea.local/admin/hspguard/internal/auth"
"gitea.local/admin/hspguard/internal/types"
"gitea.local/admin/hspguard/internal/web"
)
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
web.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
parts := strings.Split(authHeader, "Bearer ")
if len(parts) != 2 {
web.Error(w, "invalid auth header format", http.StatusUnauthorized)
return
}
tokenStr := parts[1]
token, userClaims, err := auth.VerifyToken(tokenStr)
if err != nil || !token.Valid {
http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
return
}
ctx := context.WithValue(r.Context(), types.UserIdKey, userClaims.UserID)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
func WithSkipper(mw func(http.Handler) http.Handler, excludedPaths ...string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
for _, path := range excludedPaths {
if strings.HasPrefix(r.URL.Path, path) {
next.ServeHTTP(w, r)
return
}
}
mw(next).ServeHTTP(w, r)
})
}
}