add branch v1

2025-06-09 11:20:07 +08:00 · 2025-06-09 11:20:07 +08:00 · 01b8951dd5
commit 01b8951dd5
parent 5d370e1077
53 changed files with 1079 additions and 6481 deletions
--- a/auth/middleware.go
+++ b/auth/middleware.go
@ -0,0 +1,105 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+type contextKey string
+
+const (
+	UserIDContextKey contextKey = "userID"
+)
+
+// Claims represents the JWT claims
+type Claims struct {
+	UserID string `json:"user_id"`
+	jwt.RegisteredClaims
+}
+
+// GenerateToken generates a new JWT token
+func GenerateToken(userID string, signingKey string, expiry time.Duration) (string, error) {
+	claims := Claims{
+		UserID: userID,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiry)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(signingKey))
+}
+
+// NewAuthMiddleware creates a new authentication middleware
+func NewAuthMiddleware(signingKey string) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// Extract token from Authorization header
+			authHeader := r.Header.Get("Authorization")
+			if authHeader == "" {
+				http.Error(w, "Authorization header required", http.StatusUnauthorized)
+				return
+			}
+
+			// Check if the header has the correct format
+			parts := strings.Split(authHeader, " ")
+			if len(parts) != 2 || parts[0] != "Bearer" {
+				http.Error(w, "Invalid authorization header format", http.StatusUnauthorized)
+				return
+			}
+
+			tokenString := parts[1]
+
+			// Parse and validate the token
+			claims := &Claims{}
+			token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+				// Validate signing method
+				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+					return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+				}
+				return []byte(signingKey), nil
+			})
+
+			if err != nil {
+				if err == jwt.ErrSignatureInvalid {
+					http.Error(w, "Invalid token signature", http.StatusUnauthorized)
+					return
+				}
+				http.Error(w, "Invalid token", http.StatusUnauthorized)
+				return
+			}
+
+			if !token.Valid {
+				http.Error(w, "Invalid token", http.StatusUnauthorized)
+				return
+			}
+
+			// Add user ID to request context
+			ctx := context.WithValue(r.Context(), UserIDContextKey, claims.UserID)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+// GetUserIDFromContext extracts the user ID from the request context
+func GetUserIDFromContext(ctx context.Context) (string, error) {
+	userID, ok := ctx.Value(UserIDContextKey).(string)
+	if !ok {
+		return "", fmt.Errorf("user ID not found in context")
+	}
+	return userID, nil
+}
+
+// RequireAuth is a middleware that ensures a valid JWT token is present
+func RequireAuth(signingKey string, next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		authMiddleware := NewAuthMiddleware(signingKey)
+		authMiddleware(http.HandlerFunc(next)).ServeHTTP(w, r)
+	}
+}