117 lines
2.9 KiB
Go
117 lines
2.9 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/charmbracelet/log"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func CorsMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("Access-Control-Allow-Origin", "*")
|
|
w.Header().Add("Access-Control-Allow-Headers", "*")
|
|
|
|
// Access-Control-Allow-Methods is often needed for preflight OPTIONS requests
|
|
w.Header().Add("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
|
|
|
|
// The client makes an OPTIONS preflight request before a complex request.
|
|
// We must handle this and respond with the appropriate headers.
|
|
if r.Method == "OPTIONS" {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
const USER_ID = "UserID"
|
|
|
|
func GetUserID(ctx context.Context, logger *log.Logger, w http.ResponseWriter) (uuid.UUID, error) {
|
|
userId := ctx.Value(USER_ID)
|
|
|
|
if userId == nil {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
logger.Warn("UserID not present in request")
|
|
return uuid.Nil, errors.New("context does not contain a user id")
|
|
}
|
|
|
|
userIdUuid, ok := userId.(uuid.UUID)
|
|
if !ok {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
logger.Warn("UserID not of correct type")
|
|
return uuid.Nil, fmt.Errorf("context user id is not of type uuid, got: %t", userId)
|
|
}
|
|
|
|
return userIdUuid, nil
|
|
}
|
|
|
|
func ProtectedRoute(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
token := r.Header.Get("Authorization")
|
|
if len(token) < len("Bearer ") {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
userId, err := GetUserIdFromAccess(token[len("Bearer "):])
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
contextWithUserId := context.WithValue(r.Context(), USER_ID, userId)
|
|
|
|
newR := r.WithContext(contextWithUserId)
|
|
next.ServeHTTP(w, newR)
|
|
})
|
|
}
|
|
|
|
func GetUserIdFromUrl(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
token := r.URL.Query().Get("token")
|
|
|
|
if len(token) == 0 {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
userId, err := GetUserIdFromAccess(token)
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
contextWithUserId := context.WithValue(r.Context(), USER_ID, userId)
|
|
|
|
newR := r.WithContext(contextWithUserId)
|
|
next.ServeHTTP(w, newR)
|
|
})
|
|
}
|
|
|
|
func GetPathParamID(logger *log.Logger, param string, w http.ResponseWriter, r *http.Request) (uuid.UUID, error) {
|
|
pathParam := r.PathValue(param)
|
|
if len(pathParam) == 0 {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
err := fmt.Errorf("%s was not present", param)
|
|
logger.Warn(err)
|
|
return uuid.Nil, err
|
|
}
|
|
|
|
uuidParam, err := uuid.Parse(pathParam)
|
|
if len(pathParam) == 0 {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
err := fmt.Errorf("could not parse param: %w", err)
|
|
logger.Warn(err)
|
|
return uuid.Nil, err
|
|
}
|
|
|
|
return uuidParam, nil
|
|
}
|