Página inicial Explorar Ajuda
Entrar
dmsc
/
arp
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0
Tree: ee3b6e9adc
Branches Tags
arp
/
auth
/
middleware.go

middleware.go 1.0 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445 
  1. package auth
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"strings"
    6. 

  6. )
    7. 

  7. 

  8. // AuthMiddleware extracts and validates JWT tokens from requests
    9. 

  9. func AuthMiddleware(next http.Handler) http.Handler {
    10. 

  10. 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    11. 

  11. 		authHeader := r.Header.Get("Authorization")
    12. 

  12. 		if authHeader == "" {
    13. 

  13. 			// No token, proceed without user in context
    14. 

  14. 			next.ServeHTTP(w, r)
    15. 

  15. 			return
    16. 

  16. 		}
    17. 

  17. 

  18. 		// Extract Bearer token
    19. 

  19. 		parts := strings.SplitN(authHeader, " ", 2)
    20. 

  20. 		if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
    21. 

  21. 			// Invalid header format, proceed without user
    22. 

  22. 			next.ServeHTTP(w, r)
    23. 

  23. 			return
    24. 

  24. 		}
    25. 

  25. 

  26. 		tokenString := parts[1]
    27. 

  27. 		claims, err := ValidateToken(tokenString)
    28. 

  28. 		if err != nil {
    29. 

  29. 			// Invalid token, proceed without user
    30. 

  30. 			next.ServeHTTP(w, r)
    31. 

  31. 			return
    32. 

  32. 		}
    33. 

  33. 

  34. 		// Add user to context
    35. 

  35. 		user := &UserContext{
    36. 

  36. 			ID:          claims.UserID,
    37. 

  37. 			Email:       claims.Email,
    38. 

  38. 			Roles:       claims.Roles,
    39. 

  39. 			Permissions: claims.Permissions,
    40. 

  40. 		}
    41. 

  41. 

  42. 		ctx := WithUser(r.Context(), user)
    43. 

  43. 		next.ServeHTTP(w, r.WithContext(ctx))
    44. 

  44. 	})
    45. 

  45. }
    46.