feat: middlewares for authorization and automatic request parsing;

feat: roles enum

backend/internal/middleware/auth.go

@@ -1,17 +1,17 @@
 // Copyright (c) 2025 Nikolai Papin
-// 
+//
 // This file is part of Easywish
-// 
+//
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
-// 
+//
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 // the GNU General Public License for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
@@ -19,6 +19,7 @@ package middleware
 
 import (
 	"easywish/config"
+	"easywish/internal/utils/enums"
 	"errors"
 	"fmt"
 	"net/http"
@@ -28,16 +29,20 @@ import (
 )
 
 type Claims struct {
-	Username string `json:"username"`
+	Username string     `json:"username"`
+	Role     enums.Role `json:"role"`
 	jwt.RegisteredClaims
 }
 
-func JWTAuthMiddleware() gin.HandlerFunc {
+func AuthMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		cfg := config.GetConfig()
 		authHeader := c.GetHeader("Authorization")
+
 		if authHeader == "" {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
+			c.Set("username", nil)
+			c.Set("role", enums.GuestRole)
+			c.Next()
 			return
 		}
 
@@ -64,7 +69,8 @@ func JWTAuthMiddleware() gin.HandlerFunc {
 		}
 
 		if claims, ok := token.Claims.(*Claims); ok && token.Valid {
-			c.Set("userID", claims.Username)
+			c.Set("username", claims.Username)
+			c.Set("role", claims.Role)
 			c.Next()
 		} else {
 			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid claims"})

backend/internal/middleware/request.go

@@ -0,0 +1,86 @@
+// Copyright (c) 2025 Nikolai Papin
+//
+// This file is part of Easywish
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+// the GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package middleware
+
+import (
+	"easywish/internal/utils/enums"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+type UserInfo struct {
+	Username string
+	Role enums.Role 
+}
+
+type Request[T any] struct {
+	User UserInfo
+	Body T
+}
+
+const requestKey = "request"
+
+func UserInfoFromContext(c *gin.Context) (*UserInfo, bool) {
+
+	var username any
+	var role any
+	var ok bool
+
+	username, ok = c.Get("username") ; if !ok {
+     return nil, true
+	}
+
+	role, ok = c.Get("role"); if !ok {
+     return nil, false
+	}
+
+	return &UserInfo{Username: username.(string), Role: role.(enums.Role)}, true
+}
+
+func RequestFromContext[T any](c *gin.Context) Request[T] {
+	return c.Value(requestKey).(Request[T])
+}
+
+func RequestMiddleware[T any](role enums.Role) gin.HandlerFunc {
+	return gin.HandlerFunc(func(c *gin.Context) {
+
+		userInfo, ok := UserInfoFromContext(c)
+
+		if !ok {
+			c.Status(http.StatusUnauthorized)
+			return
+		}
+
+		var body T
+		if err := c.ShouldBindJSON(&body); err != nil {
+			c.JSON(http.StatusBadRequest, err)
+
+			// TODO: implement automatic validation here
+			return
+		}
+
+		request := Request[T]{
+			User: *userInfo,
+			Body: body,
+		}
+		
+		c.Set(requestKey, request)
+		c.Next()
+	})
+}