// Copyright (c) 2025 Nikolai Papin // // This file is part of Easywish // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See // the GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program. If not, see . package middleware import ( "easywish/config" "easywish/internal/utils/enums" "errors" "fmt" "net/http" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt/v5" ) type Claims struct { Username string `json:"username"` Role enums.Role `json:"role"` jwt.RegisteredClaims } // TODO: validate token type // TODO: validate session guid func AuthMiddleware() gin.HandlerFunc { return func(c *gin.Context) { cfg := config.GetConfig() authHeader := c.GetHeader("Authorization") if authHeader == "" { c.Set("username", nil) c.Set("role", enums.GuestRole) c.Next() return } tokenString := authHeader token, err := jwt.ParseWithClaims( tokenString, &Claims{}, func(token *jwt.Token) (any, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } return []byte(cfg.JwtSecret), nil }, ) if err != nil { if errors.Is(err, jwt.ErrTokenExpired) { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token expired"}) } else { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"}) } return } if claims, ok := token.Claims.(*Claims); ok && token.Valid { c.Set("username", claims.Username) c.Set("role", claims.Role) c.Next() } else { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid claims"}) } } }