taskcafe/internal/route/middleware.go

package route

import (
	"context"
	"net/http"
	"strings"

	"github.com/google/uuid"
	"github.com/jordanknott/taskcafe/internal/auth"
	"github.com/jordanknott/taskcafe/internal/utils"
	log "github.com/sirupsen/logrus"
)

// AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header
type AuthenticationMiddleware struct {
	jwtKey []byte
}

// Middleware returns the middleware handler
func (m *AuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		requestID := uuid.New()
		bearerTokenRaw := r.Header.Get("Authorization")
		splitToken := strings.Split(bearerTokenRaw, "Bearer")
		if len(splitToken) != 2 {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		accessTokenString := strings.TrimSpace(splitToken[1])
		accessClaims, err := auth.ValidateAccessToken(accessTokenString, m.jwtKey)
		if err != nil {
			if _, ok := err.(*auth.ErrExpiredToken); ok {
				w.WriteHeader(http.StatusUnauthorized)
				w.Write([]byte(`{
	"data": {},
	"errors": [
	{
		"extensions": {
			"code": "UNAUTHENTICATED"
		}
	}
	]
				}`))
				return
			}
			log.Error(err)
			w.WriteHeader(http.StatusBadRequest)
			return
		}

		var userID uuid.UUID
		if accessClaims.Restricted == auth.InstallOnly {
			userID = uuid.New()
		} else {
			userID, err = uuid.Parse(accessClaims.UserID)
			if err != nil {
				log.WithError(err).Error("middleware access token userID parse")
				w.WriteHeader(http.StatusBadRequest)
				return
			}
		}
		ctx := context.WithValue(r.Context(), utils.UserIDKey, userID)
		ctx = context.WithValue(ctx, utils.RestrictedModeKey, accessClaims.Restricted)
		ctx = context.WithValue(ctx, utils.OrgRoleKey, accessClaims.OrgRole)
		ctx = context.WithValue(ctx, utils.ReqIDKey, requestID)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
cleanup: refactor api architecture & add user roles 2020-07-05 01:02:57 +02:00			`package route`
initial commit 2020-04-10 04:40:22 +02:00
			`import (`
			`"context"`
			`"net/http"`
			`"strings"`

feature: add ability to assign tasks 2020-04-20 05:02:55 +02:00			`"github.com/google/uuid"`
chore: rename Citadel to Taskcafe 2020-08-07 03:50:35 +02:00			`"github.com/jordanknott/taskcafe/internal/auth"`
fix: use correct context keys when retrieving userID & role 2020-08-22 06:08:30 +02:00			`"github.com/jordanknott/taskcafe/internal/utils"`
initial commit 2020-04-10 04:40:22 +02:00			`log "github.com/sirupsen/logrus"`
			`)`

feat: add pre-commit hooks & refactor code to pass linting 2020-08-21 01:11:24 +02:00			`// AuthenticationMiddleware is a middleware that requires a valid JWT token to be passed via the Authorization header`
fix: secret key is no longer hard coded the secret key for signing JWT tokens is now read from server.secret. if that does not exist, then a random UUID v4 is generated and used instead. a log warning is also shown. 2020-09-13 01:03:17 +02:00			`type AuthenticationMiddleware struct {`
			`jwtKey []byte`
			`}`

			`// Middleware returns the middleware handler`
			`func (m *AuthenticationMiddleware) Middleware(next http.Handler) http.Handler {`
initial commit 2020-04-10 04:40:22 +02:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
feat: redesign project sharing & initial registration redesigned the project sharing popup to be a multi select dropdown that populates the options by using the input as a fuzzy search filter on the current users & invited users. users can now also be directly invited by email from the project share window. if invited this way, then the user will receive an email that sends them to a registration page, then a confirmation page. the initial registration was always redone so that it uses a similar system to the above in that it now will accept the first registered user if there are no other accounts (besides 'system'). 2020-10-21 01:52:09 +02:00			`requestID := uuid.New()`
initial commit 2020-04-10 04:40:22 +02:00			`bearerTokenRaw := r.Header.Get("Authorization")`
			`splitToken := strings.Split(bearerTokenRaw, "Bearer")`
			`if len(splitToken) != 2 {`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`accessTokenString := strings.TrimSpace(splitToken[1])`
fix: secret key is no longer hard coded the secret key for signing JWT tokens is now read from server.secret. if that does not exist, then a random UUID v4 is generated and used instead. a log warning is also shown. 2020-09-13 01:03:17 +02:00			`accessClaims, err := auth.ValidateAccessToken(accessTokenString, m.jwtKey)`
initial commit 2020-04-10 04:40:22 +02:00			`if err != nil {`
cleanup: refactor api architecture & add user roles 2020-07-05 01:02:57 +02:00			`if _, ok := err.(*auth.ErrExpiredToken); ok {`
feature: various additions 2020-06-13 00:21:58 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
initial commit 2020-04-10 04:40:22 +02:00			w.Write([]byte(`{
cleanup: merge types & add graphql-codegen-cli 2020-04-10 05:27:57 +02:00			`"data": {},`
initial commit 2020-04-10 04:40:22 +02:00			`"errors": [`
			`{`
			`"extensions": {`
			`"code": "UNAUTHENTICATED"`
			`}`
			`}`
			`]`
			}`))
			`return`
			`}`
			`log.Error(err)`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`

feature: add first time install process 2020-07-17 02:40:23 +02:00			`var userID uuid.UUID`
			`if accessClaims.Restricted == auth.InstallOnly {`
			`userID = uuid.New()`
			`} else {`
			`userID, err = uuid.Parse(accessClaims.UserID)`
			`if err != nil {`
			`log.WithError(err).Error("middleware access token userID parse")`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
feature: add ability to assign tasks 2020-04-20 05:02:55 +02:00			`}`
fix: use correct context keys when retrieving userID & role 2020-08-22 06:08:30 +02:00			`ctx := context.WithValue(r.Context(), utils.UserIDKey, userID)`
			`ctx = context.WithValue(ctx, utils.RestrictedModeKey, accessClaims.Restricted)`
			`ctx = context.WithValue(ctx, utils.OrgRoleKey, accessClaims.OrgRole)`
feat: redesign project sharing & initial registration redesigned the project sharing popup to be a multi select dropdown that populates the options by using the input as a fuzzy search filter on the current users & invited users. users can now also be directly invited by email from the project share window. if invited this way, then the user will receive an email that sends them to a registration page, then a confirmation page. the initial registration was always redone so that it uses a similar system to the above in that it now will accept the first registered user if there are no other accounts (besides 'system'). 2020-10-21 01:52:09 +02:00			`ctx = context.WithValue(ctx, utils.ReqIDKey, requestID)`
initial commit 2020-04-10 04:40:22 +02:00
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`