| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- package middleware
- import (
- "context"
- "net/http"
- "strings"
- "cmr-backend/internal/apperr"
- "cmr-backend/internal/httpx"
- "cmr-backend/internal/platform/jwtx"
- )
- type authContextKey string
- const authKey authContextKey = "auth"
- type AuthContext struct {
- UserID string
- UserPublicID string
- RoleCode string
- }
- func NewAuthMiddleware(jwtManager *jwtx.Manager) func(http.Handler) http.Handler {
- return func(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- authHeader := strings.TrimSpace(r.Header.Get("Authorization"))
- if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
- httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "unauthorized", "missing bearer token"))
- return
- }
- token := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
- claims, err := jwtManager.ParseAccessToken(token)
- if err != nil {
- httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
- return
- }
- if claims.ActorType != "" && claims.ActorType != "user" {
- httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
- return
- }
- ctx := context.WithValue(r.Context(), authKey, &AuthContext{
- UserID: claims.UserID,
- UserPublicID: claims.UserPublicID,
- RoleCode: claims.RoleCode,
- })
- next.ServeHTTP(w, r.WithContext(ctx))
- })
- }
- }
- func GetAuthContext(ctx context.Context) *AuthContext {
- auth, _ := ctx.Value(authKey).(*AuthContext)
- return auth
- }
|
