JohnCosta27/Haystack
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

wip(token): verifying user when getting the image

Browse Source
This commit is contained in:
John Costa
2025-04-11 19:35:49 +01:00
parent 5fee1f9ccc
commit fba1618888
2 changed files with 179 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
backend/main.go
View File

@ -66,18 +66,11 @@ func main() {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
}) })
r.Group(func(r chi.Router) {
r.Use(ProtectedRoute)
r.Get("/image", func(w http.ResponseWriter, r *http.Request) { r.Get("/image", func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")[7:] userId := r.Context().Value(USER_ID).(uuid.UUID)
fmt.Println(token)
userId, err := GetUserIdFromAccess(token)
if err != nil {
log.Println(err)
w.WriteHeader(http.StatusForbidden)
fmt.Fprintf(w, "Get out of here!")
return
}
images, err := userModel.ListWithProperties(r.Context(), userId) images, err := userModel.ListWithProperties(r.Context(), userId)
if err != nil { if err != nil {
@ -132,6 +125,8 @@ func main() {
r.Get("/image/{id}", func(w http.ResponseWriter, r *http.Request) { r.Get("/image/{id}", func(w http.ResponseWriter, r *http.Request) {
imageId := r.PathValue("id") imageId := r.PathValue("id")
_ = r.Context().Value(USER_ID).(uuid.UUID)
// TODO: really need authorization here! // TODO: really need authorization here!
image, err := imageModel.Get(r.Context(), uuid.MustParse(imageId)) image, err := imageModel.Get(r.Context(), uuid.MustParse(imageId))
if err != nil { if err != nil {
@ -239,6 +234,8 @@ func main() {
w.Header().Add("Content-Type", "application/json") w.Header().Add("Content-Type", "application/json")
}) })
})
r.Post("/login", func(w http.ResponseWriter, r *http.Request) { r.Post("/login", func(w http.ResponseWriter, r *http.Request) {
type LoginBody struct { type LoginBody struct {
Email string `json:"email"` Email string `json:"email"`

30
backend/middleware.go
View File

@ -1,6 +1,10 @@
package main package main
import "net/http" import (
"context"
"fmt"
"net/http"
)
func CorsMiddleware(next http.Handler) http.Handler { func CorsMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -11,3 +15,27 @@ func CorsMiddleware(next http.Handler) http.Handler {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
const USER_ID = "UserID"
func ProtectedRoute(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if len(token) < len("Bearer ") {
w.WriteHeader(http.StatusUnauthorized)
return
}
fmt.Println(token[len("Bearer "):])
userId, err := GetUserIdFromAccess(token[len("Bearer "):])
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
return
}
contextWithUserId := context.WithValue(r.Context(), USER_ID, userId)
newR := r.WithContext(contextWithUserId)
next.ServeHTTP(w, newR)
})
}