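package middleware

import (
	"context"
	"net/http"
	"strings"

	"git.linuxforward.com/byop/byop-engine/auth"
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
)

// Context keys written by the middleware and read by the Get*FromContext
// helpers. They are plain strings (not an unexported key type) because
// gin's Context.Set/Get store is keyed by string, and gin's Context.Value
// resolves string keys from that store; a typed key would break the lookup.
const (
	ctxKeyClientID = "clientID"
	ctxKeyUserID   = "user_id"
	ctxKeyRole     = "role"
	roleAdmin      = "admin"
)

// debug short-circuits Auth: when true, every request is accepted without
// a token and is given user ID "1" with the admin role. It defaults to
// false so the bypass is never active unless a build or test flips it
// explicitly; it must not be true in a deployed binary. (AdminAuth has no
// such bypass.)
var debug = false

// jwtSecret is the HMAC key for issued tokens. A literal in source means
// anyone with the repository can mint valid tokens; load it from
// configuration or secret storage at startup and remove the literal.
// NOTE(review): nothing in this file reads it, so it is presumably used by
// another file in the package - confirm before removing it.
var jwtSecret = []byte("your-secret-key-here")

// Claims is the JWT payload: the subject's user ID and role plus the
// standard registered claims. Nothing in this file parses it; it is kept
// for the rest of the package.
type Claims struct {
	UserID string `json:"user_id"`
	Role   string `json:"role"`
	jwt.RegisteredClaims
}

// Auth returns a middleware that authenticates the request with authService.
//
// The bearer token from the Authorization header is validated; on success
// the client ID (also stored under "user_id" for older handlers) and the
// role are set on the gin context and the chain continues. A missing token
// yields 401 "Authorization header required"; a rejected token yields
// 401 "Invalid token". When the package-level debug flag is set, no token
// is checked and a fixed admin identity is injected instead.
func Auth(authService auth.Service) gin.HandlerFunc {
	if debug {
		return func(c *gin.Context) {
			setIdentity(c, "1", roleAdmin)
			c.Next()
		}
	}
	return func(c *gin.Context) {
		clientID, role, ok := authenticate(c, authService)
		if !ok {
			return
		}
		setIdentity(c, clientID, role)
		c.Next()
	}
}

// AdminAuth returns a middleware that authenticates exactly like Auth and
// additionally requires the admin role; any other role gets
// 403 "Admin access required". The identity is only stored on the context
// once the role check has passed. There is no debug bypass here.
func AdminAuth(authService auth.Service) gin.HandlerFunc {
	return func(c *gin.Context) {
		clientID, role, ok := authenticate(c, authService)
		if !ok {
			return
		}
		if role != roleAdmin {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Admin access required"})
			return
		}
		setIdentity(c, clientID, role)
		c.Next()
	}
}

// authenticate extracts the bearer token and validates it with authService.
// On success it returns the client ID and role with ok == true. On a
// missing token or a validation failure it writes the 401 response, aborts
// the chain and returns ok == false; the caller must then return without
// calling Next.
func authenticate(c *gin.Context, authService auth.Service) (clientID, role string, ok bool) {
	token := extractTokenFromHeader(c)
	if token == "" {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
		return "", "", false
	}
	clientID, role, err := authService.ValidateToken(c.Request.Context(), token)
	if err != nil {
		// The underlying error is deliberately not echoed to the client;
		// a generic message avoids revealing why a token was rejected.
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
		return "", "", false
	}
	return clientID, role, true
}

// setIdentity records the authenticated principal on the gin context.
// "user_id" duplicates "clientID" for handlers written against the old key.
func setIdentity(c *gin.Context, clientID, role string) {
	c.Set(ctxKeyClientID, clientID)
	c.Set(ctxKeyUserID, clientID)
	c.Set(ctxKeyRole, role)
}

// GetUserIDFromContext returns the user ID stored under "user_id", or ""
// when ctx is nil, the key is absent, or the value is not a string.
//
// The value is written with gin's Context.Set, so ctx should be the
// *gin.Context itself (it satisfies context.Context and resolves string
// keys from its own store); c.Request.Context() does not carry it.
func GetUserIDFromContext(ctx context.Context) string {
	return stringFromContext(ctx, ctxKeyUserID)
}

// GetRoleFromContext returns the role stored under "role", or "" when ctx
// is nil, the key is absent, or the value is not a string. See
// GetUserIDFromContext for which context to pass.
func GetRoleFromContext(ctx context.Context) string {
	return stringFromContext(ctx, ctxKeyRole)
}

// IsAdmin reports whether the role stored in ctx is exactly "admin".
// A missing or non-string role is never admin.
func IsAdmin(ctx context.Context) bool {
	return GetRoleFromContext(ctx) == roleAdmin
}

// stringFromContext is the nil-safe, type-checked lookup shared by the
// Get*FromContext helpers. A non-string value is treated as absent.
func stringFromContext(ctx context.Context, key string) string {
	if ctx == nil {
		return ""
	}
	s, _ := ctx.Value(key).(string)
	return s
}

// extractTokenFromHeader returns the bearer token from the Authorization
// header, or "" when the header is missing, uses another scheme, or carries
// no token. The scheme is matched case-insensitively (RFC 7235 treats it
// as case-insensitive) and the token is trimmed of surrounding whitespace.
func extractTokenFromHeader(c *gin.Context) string {
	header := strings.TrimSpace(c.GetHeader("Authorization"))
	scheme, token, found := strings.Cut(header, " ")
	if !found || !strings.EqualFold(scheme, "Bearer") {
		return ""
	}
	return strings.TrimSpace(token)
}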