nessi/NexaVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
298d301ce8c942a88116eec8edf3480a7258ad65
NexaVPN/backend/internal/httpserver/middleware.go
nessi 298d301ce8 refactor: extract request context utilities into dedicated package 
Move ClaimsFromContext and MustUserID helpers from httpserver to new requestctx package for better separation of concerns. Update all imports across auth, device, policy, and user handlers. Fix Dockerfile to copy go.sum and run go mod tidy before download.
2026-03-15 16:37:01 +01:00

49 lines
1.4 KiB
Go
Raw Blame History

package httpserver
import (
"net/http"
"strings"
"github.com/go-chi/chi/v5/middleware"
"github.com/nexavpn/nexavpn/backend/internal/apiutil"
"github.com/nexavpn/nexavpn/backend/internal/auth"
"github.com/nexavpn/nexavpn/backend/internal/requestctx"
)
func BaseMiddleware(next http.Handler) http.Handler {
return middleware.RealIP(middleware.RequestID(middleware.Logger(next)))
}
func AuthMiddleware(jwtSecret string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
header := r.Header.Get("Authorization")
if !strings.HasPrefix(header, "Bearer ") {
apiutil.Error(w, http.StatusUnauthorized, "unauthorized", "missing bearer token")
return
}
claims, err := auth.ParseAccessToken(jwtSecret, strings.TrimPrefix(header, "Bearer "))
if err != nil {
apiutil.Error(w, http.StatusUnauthorized, "unauthorized", "invalid access token")
return
}
ctx := requestctx.WithClaims(r.Context(), claims)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
func AdminOnly(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
claims, ok := requestctx.ClaimsFromContext(r.Context())
if !ok || claims.Role != "admin" {
apiutil.Error(w, http.StatusForbidden, "forbidden", "admin role required")
return
}
next.ServeHTTP(w, r)
})
}
Reference in New Issue View Git Blame Copy Permalink