init

internal/middleware/auth_middleware.go

@@ -0,0 +1,129 @@
+// Package middleware provides HTTP middleware for the application
+package middleware
+
+import (
+	"strings"
+
+	"accounting-app/pkg/api"
+	"accounting-app/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+// ContextKey type for context keys
+type ContextKey string
+
+const (
+	// UserIDKey is the context key for user ID
+	UserIDKey ContextKey = "user_id"
+	// UserEmailKey is the context key for user email
+	UserEmailKey ContextKey = "user_email"
+)
+
+// AuthMiddlewareStruct is a struct-based auth middleware
+type AuthMiddlewareStruct struct {
+	authService *service.AuthService
+}
+
+// NewAuthMiddleware creates a new AuthMiddlewareStruct
+func NewAuthMiddleware(authService *service.AuthService) *AuthMiddlewareStruct {
+	return &AuthMiddlewareStruct{authService: authService}
+}
+
+// RequireAuth returns a middleware that requires authentication
+func (m *AuthMiddlewareStruct) RequireAuth() gin.HandlerFunc {
+	return AuthMiddleware(m.authService)
+}
+
+// AuthMiddleware creates a JWT authentication middleware
+// Feature: api-interface-optimization
+// Validates: Requirements 12.3, 12.4
+func AuthMiddleware(authService *service.AuthService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// Get Authorization header
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			api.Unauthorized(c, "Authorization header is required")
+			c.Abort()
+			return
+		}
+
+		// Check Bearer prefix
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
+			api.Unauthorized(c, "Invalid authorization header format")
+			c.Abort()
+			return
+		}
+
+		tokenString := parts[1]
+
+		// Validate token
+		claims, err := authService.ValidateToken(tokenString)
+		if err != nil {
+			switch err {
+			case service.ErrTokenExpired:
+				api.Unauthorized(c, "Token has expired")
+			case service.ErrInvalidToken:
+				api.Unauthorized(c, "Invalid token")
+			default:
+				api.Unauthorized(c, "Authentication failed")
+			}
+			c.Abort()
+			return
+		}
+
+		// Set user info in context
+		c.Set(string(UserIDKey), claims.UserID)
+		c.Set(string(UserEmailKey), claims.Email)
+
+		c.Next()
+	}
+}
+
+// OptionalAuthMiddleware creates an optional JWT authentication middleware
+// This middleware will set user info if a valid token is provided, but won't block requests without tokens
+func OptionalAuthMiddleware(authService *service.AuthService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.Next()
+			return
+		}
+
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
+			c.Next()
+			return
+		}
+
+		tokenString := parts[1]
+		claims, err := authService.ValidateToken(tokenString)
+		if err == nil {
+			c.Set(string(UserIDKey), claims.UserID)
+			c.Set(string(UserEmailKey), claims.Email)
+		}
+
+		c.Next()
+	}
+}
+
+// GetUserID retrieves the user ID from the context
+func GetUserID(c *gin.Context) (uint, bool) {
+	userID, exists := c.Get(string(UserIDKey))
+	if !exists {
+		return 0, false
+	}
+	id, ok := userID.(uint)
+	return id, ok
+}
+
+// GetUserEmail retrieves the user email from the context
+func GetUserEmail(c *gin.Context) (string, bool) {
+	email, exists := c.Get(string(UserEmailKey))
+	if !exists {
+		return "", false
+	}
+	e, ok := email.(string)
+	return e, ok
+}