59 lines
1.1 KiB
Go
59 lines
1.1 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"bssapp-backend/auth"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
var publicPaths = []string{
|
|
"/api/auth/login",
|
|
"/api/auth/refresh",
|
|
"/api/password/forgot",
|
|
"/api/password/reset",
|
|
}
|
|
|
|
func GlobalAuthMiddleware(db any, next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
path := r.URL.Path
|
|
|
|
// PUBLIC ROUTES
|
|
for _, p := range publicPaths {
|
|
if strings.HasPrefix(path, p) {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
}
|
|
|
|
// JWT
|
|
authHeader := r.Header.Get("Authorization")
|
|
if authHeader == "" {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
parts := strings.SplitN(authHeader, " ", 2)
|
|
if len(parts) != 2 || parts[0] != "Bearer" {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
claims, err := auth.ValidateToken(parts[1])
|
|
if err != nil {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
ctx := auth.WithClaims(r.Context(), claims)
|
|
|
|
log.Printf("🔐 GLOBAL AUTH user=%d role=%s",
|
|
claims.ID,
|
|
claims.RoleCode,
|
|
)
|
|
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|