feat: notectx middleware
This commit is contained in:
parent
10bcdf88c7
commit
a32bdef092
GPG Key ID:
995EFD5C1B532B3E
@ -6,6 +6,7 @@ import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.umbrella.haus/ae/notatest/pkg/data"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/chi/v5/middleware"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
@ -18,8 +19,6 @@ const (
|
||||
defaultLogMsg = "incoming request"
|
||||
)
|
||||
|
||||
type userCtxKey struct{}
|
||||
|
||||
// Get JWT bearer from request's authorization header, parse it with custom user claims, and
|
||||
// ensure its validity before attaching the claims to the request's context.
|
||||
func authMiddleware(jwtSecret string, expectedType string) func(http.Handler) http.Handler {
|
||||
@ -30,7 +29,7 @@ func authMiddleware(jwtSecret string, expectedType string) func(http.Handler) ht
|
||||
respondError(w, http.StatusUnauthorized, fmt.Sprintf("Unauthorized: %s", err))
|
||||
}
|
||||
|
||||
token, err := jwt.ParseWithClaims(tokenString, &userClaims{}, func(token *jwt.Token) (interface{}, error) {
|
||||
token, err := jwt.ParseWithClaims(tokenString, &userClaims{}, func(token *jwt.Token) (any, error) {
|
||||
return []byte(jwtSecret), nil
|
||||
})
|
||||
if err != nil || !token.Valid {
|
||||
@ -109,6 +108,46 @@ func userCtx(store UserStore) func(http.Handler) http.Handler {
|
||||
}
|
||||
}
|
||||
|
||||
// Append note data into request's context based on note ID as a URL parameter and user ID as
|
||||
// context parameter.
|
||||
func noteCtx(store NoteStore) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
noteIDStr := chi.URLParam(r, "id")
|
||||
noteID, err := uuid.Parse(noteIDStr)
|
||||
if err != nil {
|
||||
respondError(w, http.StatusNotFound, "Invalid note ID")
|
||||
return
|
||||
}
|
||||
|
||||
// NOTE: user must already be in the context (e.g. via JWT middleware)
|
||||
user, ok := r.Context().Value(userCtxKey{}).(*userClaims)
|
||||
if !ok {
|
||||
respondError(w, http.StatusUnauthorized, "Unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
userID, err := uuid.Parse(user.Subject)
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "Invalid user ID")
|
||||
return
|
||||
}
|
||||
|
||||
note, err := store.GetNote(r.Context(), data.GetNoteParams{
|
||||
ID: noteID,
|
||||
UserID: userID,
|
||||
})
|
||||
if err != nil {
|
||||
respondError(w, http.StatusNotFound, "Note not found")
|
||||
return
|
||||
}
|
||||
|
||||
ctx := context.WithValue(r.Context(), noteCtxKey{}, note)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// Zerolog compatible logger middleware. Automatically logs and recovers from errors with HTTP 500
|
||||
// response, by default logs to INFO level.
|
||||
func loggerMiddleware(log *zerolog.Logger) func(http.Handler) http.Handler {
|
||||
@ -136,7 +175,7 @@ func loggerMiddleware(log *zerolog.Logger) func(http.Handler) http.Handler {
|
||||
log.Info().
|
||||
Str("type", "access").
|
||||
Timestamp().
|
||||
Fields(map[string]interface{}{
|
||||
Fields(map[string]any{
|
||||
"remote_ip": r.RemoteAddr,
|
||||
"url": r.URL.Path,
|
||||
"proto": r.Proto,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user