diff --git a/internal/api/user/controller.go b/internal/api/user/controller.go index d4ad1e9..ec04b68 100644 --- a/internal/api/user/controller.go +++ b/internal/api/user/controller.go @@ -23,27 +23,28 @@ func newController(service *service, utils interfaces.Utils) *controller { } } -func (h *Handler) RegisterRoutes(r *gin.RouterGroup) { +func (h *Handler) RegisterRoutes(r *gin.RouterGroup, authMW gin.HandlerFunc) { userGroup := r.Group("/user") - userGroup.POST("/", h.controller.register) - userGroup.GET("/", h.controller.get) - userGroup.PUT("/", h.controller.update) - userGroup.DELETE("/", h.controller.delete) + userGroup.POST("/", authMW, h.controller.register) + userGroup.GET("/", authMW, h.controller.get) + userGroup.PUT("/", authMW, h.controller.update) + userGroup.DELETE("/", authMW, h.controller.delete) //auth h.controller.authPath = "/user/auth" - authGroup := userGroup.Group("/auth") + authGroup.POST("/login", h.controller.login) - authGroup.POST("/logout", h.controller.logout) + authGroup.POST("/logout", authMW, h.controller.logout) authGroup.POST("/refresh", h.controller.refresh) } func (h *Handler) ExcludeRoutes() []shared.ExcludeRoute { return []shared.ExcludeRoute{ {Route: "/user", Method: http.MethodPost}, - {Route: "/user/login", Method: http.MethodPost}, + {Route: "/user/auth/login", Method: http.MethodPost}, + {Route: "/user/auth/refresh", Method: http.MethodPost}, } } diff --git a/internal/app/handler.go b/internal/app/handler.go index ad4abba..80bc801 100644 --- a/internal/app/handler.go +++ b/internal/app/handler.go @@ -5,7 +5,6 @@ import ( "github.com/gin-gonic/gin" log "github.com/sirupsen/logrus" "merch-parser-api/internal/interfaces" - "merch-parser-api/internal/shared" "net/http" "time" ) @@ -40,18 +39,6 @@ func NewApp(deps Deps) *App { apiRoutes.GET("/", func(c *gin.Context) { c.String(http.StatusOK, "API is ready") }) - - var excludeRoutes []shared.ExcludeRoute - - for _, m := range app.modules { - if hasRoutes, ok := m.(interfaces.ModuleRoutes); ok { - hasRoutes.RegisterRoutes(apiRoutes) - excludeRoutes = append(excludeRoutes, hasRoutes.ExcludeRoutes()...) - } - } - - app.routerHandler.ExcludeRoutes(excludeRoutes) - return app } diff --git a/internal/interfaces/app.go b/internal/interfaces/app.go index 1f8eecf..21bdafc 100644 --- a/internal/interfaces/app.go +++ b/internal/interfaces/app.go @@ -2,13 +2,11 @@ package interfaces import ( "github.com/gin-gonic/gin" - "merch-parser-api/internal/shared" ) type Module interface { } type ModuleRoutes interface { - RegisterRoutes(r *gin.RouterGroup) - ExcludeRoutes() []shared.ExcludeRoute + RegisterRoutes(r *gin.RouterGroup, authMW gin.HandlerFunc) } diff --git a/internal/interfaces/router.go b/internal/interfaces/router.go index f393ccb..cb95e38 100644 --- a/internal/interfaces/router.go +++ b/internal/interfaces/router.go @@ -2,10 +2,9 @@ package interfaces import ( "github.com/gin-gonic/gin" - "merch-parser-api/internal/shared" ) type Router interface { Set() *gin.Engine - ExcludeRoutes(routes []shared.ExcludeRoute) + AuthMW() gin.HandlerFunc } diff --git a/internal/router/handler.go b/internal/router/handler.go index 91fdd22..ae4f30a 100644 --- a/internal/router/handler.go +++ b/internal/router/handler.go @@ -65,23 +65,5 @@ func (r *router) Set() *gin.Engine { //swagger r.engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) - r.engine.Use(authMiddleware(mwDeps{ - prefix: r.apiPrefix, - excludeRoutes: &r.excludeRoutes, - tokenProv: r.tokenProv, - })) - return r.engine } - -func (r *router) ExcludeRoutes(routes []shared.ExcludeRoute) { - log.Debug("Excluded routes:") - excludedRoutes := make(map[string]shared.ExcludeRoute, len(routes)) - - for _, route := range routes { - log.Debugf("%s %s", route.Method, route.Route) - ex := joinPaths(r.apiPrefix, route.Route) - excludedRoutes[ex] = shared.ExcludeRoute{Route: ex, Method: route.Method} - } - r.excludeRoutes = excludedRoutes -} diff --git a/internal/router/helper.go b/internal/router/helper.go deleted file mode 100644 index 64fae83..0000000 --- a/internal/router/helper.go +++ /dev/null @@ -1,64 +0,0 @@ -package router - -import ( - "fmt" - "merch-parser-api/internal/shared" - "net/http" - "strings" -) - -func excluded(prefix, path, method string, excludedRoutes *map[string]shared.ExcludeRoute) bool { - if excludedRoutes == nil { - return false - } - - nPath := normalizePath(path) - - switch { - case nPath == "/"+prefix && method == http.MethodGet: //ignore api base path for GET method - return true - case nPath == "/swagger/*any": - return true - case nPath == "/version": - return true - } - - if value, ok := (*excludedRoutes)[nPath]; ok { - fmt.Println(value, ok) - if isSameRoute(nPath, value.Route) && value.Method == method { - return true - } - } - - return false -} - -func normalizePath(path string) string { - return strings.TrimRight(path, "/") -} - -func joinPaths(paths ...string) string { - result := "" - for _, p := range paths { - if result == "" { - result = strings.TrimRight(p, "/") - } else { - result = result + "/" + strings.Trim(p, "/") - } - } - return "/" + strings.TrimLeft(result, "/") -} - -func isSameRoute(path, excluded string) bool { - path = strings.Split(path, "?")[0] - path = strings.TrimSuffix(path, "/") - excluded = strings.TrimSuffix(excluded, "/") - - if strings.HasSuffix(excluded, "/*any") || strings.HasSuffix(excluded, "/*") { - base := strings.TrimSuffix(excluded, "/*any") - base = strings.TrimSuffix(base, "/*") - return strings.HasPrefix(path, base) - } - - return path == excluded -} diff --git a/internal/router/middleware.go b/internal/router/middleware.go index 64864bc..42b3395 100644 --- a/internal/router/middleware.go +++ b/internal/router/middleware.go @@ -3,42 +3,12 @@ package router import ( "github.com/gin-gonic/gin" log "github.com/sirupsen/logrus" - "merch-parser-api/internal/interfaces" - "merch-parser-api/internal/shared" "merch-parser-api/pkg/responses" "net/http" ) -type mwDeps struct { - prefix string - excludeRoutes *map[string]shared.ExcludeRoute - tokenProv interfaces.JWTProvider -} - -func authMiddleware(deps mwDeps) gin.HandlerFunc { +func (r *router) AuthMW() gin.HandlerFunc { return func(c *gin.Context) { - if excluded(deps.prefix, c.FullPath(), c.Request.Method, deps.excludeRoutes) { - log.WithField("msg", "route excluded from auth check").Info("MW | Authorization") - c.Next() - return - } - - if (c.FullPath() == "/user/auth/refresh" || c.FullPath() == "/user/auth/logout") && c.Request.Method == "POST" { - refreshUuid, err := c.Cookie("refresh_uuid") - if err != nil { - c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: "Refresh token is required"}) - log.WithField("msg", "Refresh token is required").Error("MW | Authorization") - c.Abort() - return - } - - c.Set("refreshUuid", refreshUuid) - - log.WithField("msg", "refresh token set to context").Debug("MW | Authorization") - c.Next() - return - } - token := c.GetHeader("Authorization") if token == "" { c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: "Authorization token is required"}) @@ -47,7 +17,7 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc { return } - userUuid, err := deps.tokenProv.Parse(token) + userUuid, err := r.tokenProv.Parse(token) if err != nil { c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: err.Error()}) log.WithField("msg", "error parsing jwt").Error("MW | Authorization") @@ -56,14 +26,8 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc { } c.Set("userUuid", userUuid) + log.WithField("userUuid", userUuid).Debug("MW | User uuid") - log.WithFields(log.Fields{ - "userUuid": userUuid, - }).Debug("MW | Parsed uuids") - - if !c.IsAborted() { - log.WithField("msg", "context aborted").Info("MW | Authorization") - c.Next() - } + c.Next() } }