feat: implement circuit breaker, fix auth vulnerability

This commit is contained in:
2026-04-09 12:17:18 -04:00
parent 2929f51556
commit 212ac14a1b
5 changed files with 79 additions and 25 deletions
+5 -14
@@ -2,6 +2,7 @@ package middleware
import (
"log"
"net/http"
"strings"
"gophergate/internal/db"
@@ -27,26 +28,16 @@ func AuthMiddleware(database *db.DB) gin.HandlerFunc {
// Try to resolve client from database
var clientID string
err := database.Get(&clientID, "UPDATE client_tokens SET last_used_at = CURRENT_TIMESTAMP WHERE token = ? AND is_active = 1 RETURNING client_id", token)
if err == nil {
c.Set("auth", models.AuthInfo{
Token: token,
ClientID: clientID,
})
c.Next()
} else {
// Fallback to token-prefix derivation (matches Rust behavior)
prefixLen := len(token)
if prefixLen > 8 {
prefixLen = 8
}
clientID = "client_" + token[:prefixLen]
c.Set("auth", models.AuthInfo{
Token: token,
ClientID: clientID,
})
log.Printf("Token not found in DB, using fallback client ID: %s", clientID)
log.Printf("Token not found or inactive in DB: %s", token)
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid or inactive token"})
}
c.Next()
}
}
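Review bot: The new rejection branch's `log.Printf("Token not found or inactive in DB: %s", token)` writes the raw bearer token into the log on every failed request, so mistyped, rotated, or revoked credentials accumulate in plaintext log storage; a token is a secret even after the database rejects it. Log a length or a non-reversible fingerprint instead, e.g. `log.Printf("auth: token rejected (len=%d)", len(token))`, and if a short prefix is needed for correlation, format it with `%q` so a token containing newlines cannot forge log lines. Separately, any error from `database.Get` — including a lost connection — is now answered with 401 "invalid or inactive token"; if the helper reports an empty RETURNING set as `sql.ErrNoRows` (as sqlx-style Get does, to be confirmed), checking `errors.Is(err, sql.ErrNoRows)` for the 401 path and returning 500 for other errors keeps backend outages from being reported to clients as bad credentials. Note also that `c.Next()` appears both inside the success branch and after the if/else on the displayed lines; if both survive on the new side the handler chain runs twice, which the rendered view does not make certain. The enclosing AuthMiddleware function starts before this hunk.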