middleware

package v0.1.0

Published: Jun 16, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Constants

const (
	UserIDKey   contextKey = "user_id"
	UsernameKey contextKey = "username"
	RoleKey     contextKey = "role"
)
const (
	RoleAdmin       = constants.RoleAdmin
	RoleContributor = constants.RoleContributor
	RoleCommentator = constants.RoleCommentator
)

Role constants for easy reference in middleware

Variables

var (
	ErrMissingToken = errors.New("missing authorization token")
	ErrInvalidToken = errors.New("invalid authorization token")
)

Functions

func GetRole

func GetRole(r *http.Request) (string, bool)

GetRole retrieves the role from the request context

func GetUserID

func GetUserID(r *http.Request) (string, bool)

GetUserID retrieves the user ID from the request context

func GetUsername

func GetUsername(r *http.Request) (string, bool)

GetUsername retrieves the username from the request context

Types

type APIKeyAuthMiddleware

type APIKeyAuthMiddleware struct {
	// contains filtered or unexported fields
}

APIKeyAuthMiddleware authenticates Bearer API-key tokens and injects the owning user into request context using the SAME keys the JWT middleware uses (UserIDKey/UsernameKey/RoleKey via newUserContext), so downstream ctxUser lookups and RBAC are auth-agnostic (architecture Important gap #1). It is mounted onto the Bearer-only /api/v1 group by Story 2.1.

func NewAPIKeyAuthMiddleware

func NewAPIKeyAuthMiddleware(
	verifier APIKeyVerifier,
	userLookup UserLookup,
	logger *util.Logger,
) *APIKeyAuthMiddleware

NewAPIKeyAuthMiddleware constructs the middleware. A nil logger degrades to a discard sink (mirrors NewNoCookieMiddleware) so the middleware is safe to construct in any context.

func (*APIKeyAuthMiddleware) Handler

func (m *APIKeyAuthMiddleware) Handler(next http.Handler) http.Handler

Handler authenticates the request via Bearer API key and, on success, injects the owning user into context and delegates to next. On any failure it writes a 401 envelope with the correct code and does NOT call next.

type APIKeyVerifier

type APIKeyVerifier interface {
	Verify(ctx context.Context, fullKey string) (*apikey.APIKey, error)
	UpdateLastUsed(ctx context.Context, id int, ip string) error
}

APIKeyVerifier is the narrow interface the middleware depends on for key verification. *apikey.Service satisfies it (Verify + UpdateLastUsed). Defined here — not in the domain — so the middleware owns its own seam and the domain stays HTTP-agnostic (mirrors the handlers.APIKeyService pattern).
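The pattern described above for APIKeyAuthMiddleware, its Handler and APIKeyVerifier, reduced to a stand-alone illustration. This is added example code, not this package's source: the APIKeyVerifier and UserLookup interfaces are collapsed into one hypothetical VerifyFunc that returns the key's owner, User stands in for repository.User, and the 401 responses are plain text rather than the package's v1 error envelope.

```go
package main

import (
	"context"
	"net/http"
	"slices"
	"strconv"
	"strings"
)

type contextKey string // unexported: other packages cannot collide with these keys
// Shared keys: JWT and API-key auth both store the user under these, so a
// downstream role check does not care which scheme authenticated the request.
const (
	UserIDKey contextKey = "user_id"
	RoleKey   contextKey = "role"
)
// User stands in for repository.User; VerifyFunc merges the APIKeyVerifier+UserLookup seams.
type User struct{ ID int; Role string }
type VerifyFunc func(ctx context.Context, fullKey string) (*User, error)

// APIKeyAuth accepts only "Authorization: Bearer <key>". Every failure is a 401
// and next is never called, so an unverified key cannot reach the handler.
func APIKeyAuth(verify VerifyFunc, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if !strings.HasPrefix(h, "Bearer ") {
			http.Error(w, "missing authorization token", http.StatusUnauthorized)
			return
		}
		u, err := verify(r.Context(), strings.TrimPrefix(h, "Bearer "))
		if err != nil || u == nil {
			http.Error(w, "invalid authorization token", http.StatusUnauthorized)
			return
		}
		ctx := context.WithValue(r.Context(), UserIDKey, strconv.Itoa(u.ID))
		next.ServeHTTP(w, r.WithContext(context.WithValue(ctx, RoleKey, u.Role)))
	})
}

// RequireRole reads RoleKey whichever auth middleware stored it; a known caller lacking it gets 403.
func RequireRole(next http.Handler, roles ...string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if role, _ := r.Context().Value(RoleKey).(string); slices.Contains(roles, role) {
			next.ServeHTTP(w, r)
			return
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}
```

Because RequireRole reads only the shared context keys, the same role check sits behind either the JWT path or the API-key path without knowing which one ran.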

type AdminMiddleware

type AdminMiddleware struct {
	// contains filtered or unexported fields
}

AdminMiddleware represents admin authorization middleware

func NewAdminMiddleware

func NewAdminMiddleware(authMiddleware *AuthMiddleware) *AdminMiddleware

NewAdminMiddleware creates a new admin authorization middleware

func (*AdminMiddleware) AdminOnly

func (m *AdminMiddleware) AdminOnly(next http.Handler) http.Handler

AdminOnly validates the JWT token and checks that the user has the Admin role. It is a convenience wrapper around RequireRole("Admin").

func (*AdminMiddleware) ModerationOnly

func (m *AdminMiddleware) ModerationOnly(next http.Handler) http.Handler

ModerationOnly validates JWT token and checks if user has Admin role

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware represents authentication middleware

func NewAuthMiddleware

func NewAuthMiddleware(jwtManager *auth.JWTManager) *AuthMiddleware

NewAuthMiddleware creates a new authentication middleware

func (*AuthMiddleware) OptionalAuth

func (m *AuthMiddleware) OptionalAuth(next http.Handler) http.Handler

OptionalAuth validates the JWT token if one is present but does not require it. It adds user context if the token is valid, otherwise it continues without user context.

func (*AuthMiddleware) RequireAuth

func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler

RequireAuth validates JWT token and adds user context to request

func (*AuthMiddleware) RequireRole

func (m *AuthMiddleware) RequireRole(roles ...string) func(http.Handler) http.Handler

RequireRole validates JWT token and checks if user has required role

type CORSMiddleware

type CORSMiddleware struct {
	// contains filtered or unexported fields
}

func NewCORSMiddleware

func NewCORSMiddleware(allowedOrigins []string, logger *util.Logger) *CORSMiddleware

func (*CORSMiddleware) Handler

func (m *CORSMiddleware) Handler(next http.Handler) http.Handler

type CSRFMiddleware

type CSRFMiddleware struct {
	// contains filtered or unexported fields
}

func NewCSRFMiddleware

func NewCSRFMiddleware(
	logger *util.Logger,
	trustedOrigins []string,
	jwtManager *auth.JWTManager,
) *CSRFMiddleware

func (*CSRFMiddleware) Handler

func (m *CSRFMiddleware) Handler(next http.Handler) http.Handler

type CommentatorMiddleware

type CommentatorMiddleware struct {
	// contains filtered or unexported fields
}

CommentatorMiddleware handles authorization for Commentator role

func NewCommentatorMiddleware

func NewCommentatorMiddleware(authMiddleware *AuthMiddleware) *CommentatorMiddleware

NewCommentatorMiddleware creates a new commentator authorization middleware

func (*CommentatorMiddleware) CommentatorOnly

func (m *CommentatorMiddleware) CommentatorOnly(next http.Handler) http.Handler

CommentatorOnly validates the JWT token and checks that the user has the Commentator (or higher) role. Commentators can view published content and submit comments, but cannot access admin features.

type NoCookieMiddleware

type NoCookieMiddleware struct {
	// contains filtered or unexported fields
}

func NewNoCookieMiddleware

func NewNoCookieMiddleware(logger *util.Logger) *NoCookieMiddleware

func (*NoCookieMiddleware) Handler

func (m *NoCookieMiddleware) Handler(next http.Handler) http.Handler

type RateLimitMiddleware

type RateLimitMiddleware struct {
	// contains filtered or unexported fields
}

func NewRateLimitMiddleware

func NewRateLimitMiddleware(
	enabled bool,
	authPerMinute, apiPerMinute, publicPerMinute int,
) *RateLimitMiddleware

func (*RateLimitMiddleware) APIKeyHandler

func (m *RateLimitMiddleware) APIKeyHandler(next http.Handler) http.Handler

APIKeyHandler rate-limits the Bearer /api/v1 group per API key (via keyByAPIKeyOrIP), reusing the existing apiPerMinute limit and 1-minute window. It emits the v1 RATE_LIMITED envelope code when the budget is exhausted. When the middleware is disabled it passes through (matching Handler/AuthHandler/PublicHandler).

func (*RateLimitMiddleware) AuthHandler

func (m *RateLimitMiddleware) AuthHandler(next http.Handler) http.Handler

func (*RateLimitMiddleware) Handler

func (m *RateLimitMiddleware) Handler(next http.Handler) http.Handler

func (*RateLimitMiddleware) PublicHandler

func (m *RateLimitMiddleware) PublicHandler(next http.Handler) http.Handler

type UserContext

type UserContext struct {
	UserID   string
	Username string
	Role     string
}

UserContext represents user information stored in request context

type UserLookup

type UserLookup interface {
	GetUserByID(ctx context.Context, userID int) (*repository.User, error)
}

UserLookup is the narrow interface for resolving the owning user. The middleware needs only GetUserByID. repository.UserRepo satisfies it.
