44 lines
971 B
Go
44 lines
971 B
Go
package middleware
|
|
|
|
import (
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"gophergate/internal/db"
|
|
"gophergate/internal/models"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func AuthMiddleware(database *db.DB) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
authHeader := c.GetHeader("Authorization")
|
|
if authHeader == "" {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
token := strings.TrimPrefix(authHeader, "Bearer ")
|
|
if token == authHeader { // No "Bearer " prefix
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
// Try to resolve client from database
|
|
var clientID string
|
|
err := database.Get(&clientID, "UPDATE client_tokens SET last_used_at = CURRENT_TIMESTAMP WHERE token = ? AND is_active = 1 RETURNING client_id", token)
|
|
|
|
if err == nil {
|
|
c.Set("auth", models.AuthInfo{
|
|
Token: token,
|
|
ClientID: clientID,
|
|
})
|
|
c.Next()
|
|
} else {
|
|
log.Printf("Token not found or inactive in DB: %s", token)
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid or inactive token"})
|
|
}
|
|
}
|
|
}
|