taskcafe/internal/route/middleware.go

package route

import (
	"context"
	"net/http"
	"strings"

	"github.com/google/uuid"
	"github.com/jordanknott/taskcafe/internal/auth"
	log "github.com/sirupsen/logrus"
)

// ContextKey represents a context key
type ContextKey string

const (
	// UserIDKey is the key for the user id of the authenticated user
	UserIDKey ContextKey = "userID"
	//RestrictedModeKey is the key for whether the authenticated user only has access to install route
	RestrictedModeKey ContextKey = "restricted_mode"
	// OrgRoleKey is the key for the organization role code of the authenticated user
	OrgRoleKey ContextKey = "org_role"
)

// AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header
func AuthenticationMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		bearerTokenRaw := r.Header.Get("Authorization")
		splitToken := strings.Split(bearerTokenRaw, "Bearer")
		if len(splitToken) != 2 {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		accessTokenString := strings.TrimSpace(splitToken[1])
		accessClaims, err := auth.ValidateAccessToken(accessTokenString)
		if err != nil {
			if _, ok := err.(*auth.ErrExpiredToken); ok {
				w.WriteHeader(http.StatusUnauthorized)
				w.Write([]byte(`{
	"data": {},
	"errors": [
	{
		"extensions": {
			"code": "UNAUTHENTICATED"
		}
	}
	]
				}`))
				return
			}
			log.Error(err)
			w.WriteHeader(http.StatusBadRequest)
			return
		}

		var userID uuid.UUID
		if accessClaims.Restricted == auth.InstallOnly {
			userID = uuid.New()
		} else {
			userID, err = uuid.Parse(accessClaims.UserID)
			if err != nil {
				log.WithError(err).Error("middleware access token userID parse")
				w.WriteHeader(http.StatusBadRequest)
				return
			}
		}
		ctx := context.WithValue(r.Context(), UserIDKey, userID)
		ctx = context.WithValue(ctx, RestrictedModeKey, accessClaims.Restricted)
		ctx = context.WithValue(ctx, OrgRoleKey, accessClaims.OrgRole)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
cleanup: refactor api architecture & add user roles 2020-07-05 01:02:57 +02:00			`package route`
initial commit 2020-04-10 04:40:22 +02:00
			`import (`
			`"context"`
			`"net/http"`
			`"strings"`

feature: add ability to assign tasks 2020-04-20 05:02:55 +02:00			`"github.com/google/uuid"`
chore: rename Citadel to Taskcafe 2020-08-07 03:50:35 +02:00			`"github.com/jordanknott/taskcafe/internal/auth"`
initial commit 2020-04-10 04:40:22 +02:00			`log "github.com/sirupsen/logrus"`
			`)`

feat: add pre-commit hooks & refactor code to pass linting 2020-08-21 01:11:24 +02:00			`// ContextKey represents a context key`
			`type ContextKey string`

			`const (`
			`// UserIDKey is the key for the user id of the authenticated user`
			`UserIDKey ContextKey = "userID"`
			`//RestrictedModeKey is the key for whether the authenticated user only has access to install route`
			`RestrictedModeKey ContextKey = "restricted_mode"`
			`// OrgRoleKey is the key for the organization role code of the authenticated user`
			`OrgRoleKey ContextKey = "org_role"`
			`)`

			`// AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header`
initial commit 2020-04-10 04:40:22 +02:00			`func AuthenticationMiddleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`bearerTokenRaw := r.Header.Get("Authorization")`
			`splitToken := strings.Split(bearerTokenRaw, "Bearer")`
			`if len(splitToken) != 2 {`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`accessTokenString := strings.TrimSpace(splitToken[1])`
cleanup: refactor api architecture & add user roles 2020-07-05 01:02:57 +02:00			`accessClaims, err := auth.ValidateAccessToken(accessTokenString)`
initial commit 2020-04-10 04:40:22 +02:00			`if err != nil {`
cleanup: refactor api architecture & add user roles 2020-07-05 01:02:57 +02:00			`if _, ok := err.(*auth.ErrExpiredToken); ok {`
feature: various additions 2020-06-13 00:21:58 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
initial commit 2020-04-10 04:40:22 +02:00			w.Write([]byte(`{
cleanup: merge types & add graphql-codegen-cli 2020-04-10 05:27:57 +02:00			`"data": {},`
initial commit 2020-04-10 04:40:22 +02:00			`"errors": [`
			`{`
			`"extensions": {`
			`"code": "UNAUTHENTICATED"`
			`}`
			`}`
			`]`
			}`))
			`return`
			`}`
			`log.Error(err)`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`

feature: add first time install process 2020-07-17 02:40:23 +02:00			`var userID uuid.UUID`
			`if accessClaims.Restricted == auth.InstallOnly {`
			`userID = uuid.New()`
			`} else {`
			`userID, err = uuid.Parse(accessClaims.UserID)`
			`if err != nil {`
			`log.WithError(err).Error("middleware access token userID parse")`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
feature: add ability to assign tasks 2020-04-20 05:02:55 +02:00			`}`
feat: add pre-commit hooks & refactor code to pass linting 2020-08-21 01:11:24 +02:00			`ctx := context.WithValue(r.Context(), UserIDKey, userID)`
			`ctx = context.WithValue(ctx, RestrictedModeKey, accessClaims.Restricted)`
			`ctx = context.WithValue(ctx, OrgRoleKey, accessClaims.OrgRole)`
initial commit 2020-04-10 04:40:22 +02:00
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`