package api import ( "context" "fmt" "net/http" "strings" "time" "git.t-juice.club/torjus/gpaste" "github.com/go-chi/chi/v5/middleware" ) type authCtxKey int const ( authCtxUsername authCtxKey = iota authCtxAuthLevel authCtxClaims ) func (s *HTTPServer) MiddlewareAccessLogger(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor) t1 := time.Now() reqID := middleware.GetReqID(r.Context()) defer func() { s.AccessLogger.Infow(r.Method, "path", r.URL.Path, "status", ww.Status(), "written", ww.BytesWritten(), "remote_addr", r.RemoteAddr, "processing_time_ms", time.Since(t1).Milliseconds(), "req_id", reqID) }() next.ServeHTTP(ww, r) } return http.HandlerFunc(fn) } func (s *HTTPServer) MiddlewareAuthentication(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { reqID := middleware.GetReqID(r.Context()) header := r.Header.Get("Authorization") if header == "" { s.Logger.Debugw("Request has no auth header.", "req_id", reqID) next.ServeHTTP(w, r) return } splitHeader := strings.Split(header, "Bearer ") if len(splitHeader) != 2 { s.Logger.Debugw("Request has invalid token.", "req_id", reqID) next.ServeHTTP(w, r) return } token := splitHeader[1] claims, err := s.Auth.ValidateToken(token) if err != nil { s.Logger.Debugw("Request has invalid token.", "req_id", reqID) next.ServeHTTP(w, r) return } ctx := context.WithValue(r.Context(), authCtxUsername, claims.Subject) ctx = context.WithValue(ctx, authCtxAuthLevel, claims.Role) ctx = context.WithValue(ctx, authCtxClaims, claims) withCtx := r.WithContext(ctx) s.Logger.Debugw("Request is authenticated.", "req_id", reqID, "username", claims.Subject) next.ServeHTTP(w, withCtx) } return http.HandlerFunc(fn) } func UsernameFromRequest(r *http.Request) (string, error) { rawUsername := r.Context().Value(authCtxUsername) if rawUsername == nil { return "", fmt.Errorf("no username") } username, ok := rawUsername.(string) if !ok { return "", fmt.Errorf("no username") } return username, nil } func AuthLevelFromRequest(r *http.Request) (gpaste.AuthLevel, error) { rawLevel := r.Context().Value(authCtxAuthLevel) if rawLevel == nil { return gpaste.AuthLevelUnset, fmt.Errorf("no username") } level, ok := rawLevel.(gpaste.AuthLevel) if !ok { return gpaste.AuthLevelUnset, fmt.Errorf("no username") } return level, nil } func ClaimsFromRequest(r *http.Request) *gpaste.Claims { rawClaims := r.Context().Value(authCtxAuthLevel) if rawClaims == nil { return nil } claims, ok := rawClaims.(*gpaste.Claims) if !ok { return nil } return claims }