drive/apps/backend/internal/auth/middleware.go

package auth

import (
	"errors"
	"log/slog"
	"strings"

	"github.com/get-drexa/drexa/internal/httperr"
	"github.com/get-drexa/drexa/internal/user"
	"github.com/gofiber/fiber/v2"
	"github.com/uptrace/bun"
)

const authenticatedUserKey = "authenticatedUser"

// NewBearerAuthMiddleware is a middleware that authenticates a request using a bearer token.
// To obtain the authenticated user in subsequent handlers, see AuthenticatedUser.
func NewBearerAuthMiddleware(s *Service, db *bun.DB) fiber.Handler {
	return func(c *fiber.Ctx) error {
		authHeader := c.Get("Authorization")
		if authHeader == "" {
			slog.Info("no auth header")
			return c.SendStatus(fiber.StatusUnauthorized)
		}

		parts := strings.Split(authHeader, " ")
		if len(parts) != 2 || parts[0] != "Bearer" {
			slog.Info("invalid auth header")
			return c.SendStatus(fiber.StatusUnauthorized)
		}

		token := parts[1]
		u, err := s.AuthenticateWithAccessToken(c.Context(), db, token)
		if err != nil {
			var e *InvalidAccessTokenError
			if errors.As(err, &e) {
				slog.Info("invalid access token")
				return c.SendStatus(fiber.StatusUnauthorized)
			}

			var nf *user.NotFoundError
			if errors.As(err, &nf) {
				slog.Info("user not found")
				return c.SendStatus(fiber.StatusUnauthorized)
			}

			return httperr.Internal(err)
		}

		c.Locals(authenticatedUserKey, u)

		return c.Next()
	}
}

// AuthenticatedUser returns the authenticated user from the given fiber context.
// Returns ErrUnauthenticatedRequest if not authenticated.
func AuthenticatedUser(c *fiber.Ctx) (*user.User, error) {
	if u, ok := c.Locals(authenticatedUserKey).(*user.User); ok {
		return u, nil
	}
	return nil, ErrUnauthenticatedRequest
}
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`package auth`

			`import (`
			`"errors"`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`"log/slog"`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`"strings"`

feat: improve err logging 2025-11-30 19:19:33 +00:00			`"github.com/get-drexa/drexa/internal/httperr"`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`"github.com/get-drexa/drexa/internal/user"`
			`"github.com/gofiber/fiber/v2"`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`"github.com/uptrace/bun"`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`)`

			`const authenticatedUserKey = "authenticatedUser"`

			`// NewBearerAuthMiddleware is a middleware that authenticates a request using a bearer token.`
			`// To obtain the authenticated user in subsequent handlers, see AuthenticatedUser.`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`func NewBearerAuthMiddleware(s Service, db bun.DB) fiber.Handler {`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`return func(c *fiber.Ctx) error {`
			`authHeader := c.Get("Authorization")`
			`if authHeader == "" {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`slog.Info("no auth header")`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`return c.SendStatus(fiber.StatusUnauthorized)`
			`}`

			`parts := strings.Split(authHeader, " ")`
			`if len(parts) != 2 \|\| parts[0] != "Bearer" {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`slog.Info("invalid auth header")`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`return c.SendStatus(fiber.StatusUnauthorized)`
			`}`

			`token := parts[1]`
fix: registration endpoint and db auto close issue 2025-11-29 20:51:56 +00:00			`u, err := s.AuthenticateWithAccessToken(c.Context(), db, token)`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`if err != nil {`
			`var e *InvalidAccessTokenError`
			`if errors.As(err, &e) {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`slog.Info("invalid access token")`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`return c.SendStatus(fiber.StatusUnauthorized)`
			`}`

			`var nf *user.NotFoundError`
			`if errors.As(err, &nf) {`
feat: improve err logging 2025-11-30 19:19:33 +00:00			`slog.Info("user not found")`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`return c.SendStatus(fiber.StatusUnauthorized)`
			`}`

feat: improve err logging 2025-11-30 19:19:33 +00:00			`return httperr.Internal(err)`
feat: impl bearer auth middleware 2025-11-26 01:09:42 +00:00			`}`

			`c.Locals(authenticatedUserKey, u)`

			`return c.Next()`
			`}`
			`}`

			`// AuthenticatedUser returns the authenticated user from the given fiber context.`
			`// Returns ErrUnauthenticatedRequest if not authenticated.`
			`func AuthenticatedUser(c fiber.Ctx) (user.User, error) {`
			`if u, ok := c.Locals(authenticatedUserKey).(*user.User); ok {`
			`return u, nil`
			`}`
			`return nil, ErrUnauthenticatedRequest`
			`}`