login via magic link
This commit is contained in:
juancwu
parent
9fe6a6beb1
commit
94a05b0433
22 changed files with 815 additions and 122 deletions
|
|
@ -10,13 +10,58 @@ import (
|
|||
// TODO: implement clearing jwt token in auth service
|
||||
|
||||
// AuthMiddleware checks for JWT token and adds user + profile + subscription to context if valid
|
||||
func AuthMiddleware(authService *service.AuthService, userService *service.UserService) func(http.Handler) http.Handler {
|
||||
func AuthMiddleware(authService *service.AuthService, userService *service.UserService, profileService *service.ProfileService) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// TODO: get auth cookie and verify value
|
||||
// TODO: fetch user information from database if cookie value is valid
|
||||
// TODO: add user to context if valid
|
||||
next.ServeHTTP(w, r)
|
||||
// Get JWT from cookie
|
||||
cookie, err := r.Cookie("auth_token")
|
||||
if err != nil {
|
||||
// No cookie, continue without auth
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Verify token
|
||||
claims, err := authService.VerifyJWT(cookie.Value)
|
||||
if err != nil {
|
||||
// Invalid token, clear cookie and continue
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Get user ID from claims
|
||||
userID, ok := claims["user_id"].(string)
|
||||
if !ok {
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Fetch user from database
|
||||
user, err := userService.ByID(userID)
|
||||
if err != nil {
|
||||
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Security: Remove password hash from context
|
||||
user.PasswordHash = nil
|
||||
|
||||
profile, err := profileService.ByUserID(userID)
|
||||
if err != nil {
|
||||
// Profile not found - this shouldn't happen but handle gracefully
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Add user + profile to context
|
||||
ctx := ctxkeys.WithUser(r.Context(), user)
|
||||
ctx = ctxkeys.WithProfile(ctx, profile)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -56,17 +101,17 @@ func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
|
|||
|
||||
// Check if user has completed onboarding
|
||||
// Uses profile.Name as indicator (empty = incomplete onboarding)
|
||||
profile := ctxkeys.Profile(r.Context())
|
||||
if profile.Name == "" && r.URL.Path != "/auth/onboarding" {
|
||||
// User hasn't completed onboarding, redirect to onboarding
|
||||
if r.Header.Get("HX-Request") == "true" {
|
||||
w.Header().Set("HX-Redirect", "/auth/onboarding")
|
||||
w.WriteHeader(http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/auth/onboarding", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
// profile := ctxkeys.Profile(r.Context())
|
||||
// if profile.Name == "" && r.URL.Path != "/auth/onboarding" {
|
||||
// // User hasn't completed onboarding, redirect to onboarding
|
||||
// if r.Header.Get("HX-Request") == "true" {
|
||||
// w.Header().Set("HX-Redirect", "/auth/onboarding")
|
||||
// w.WriteHeader(http.StatusSeeOther)
|
||||
// return
|
||||
// }
|
||||
// http.Redirect(w, r, "/auth/onboarding", http.StatusSeeOther)
|
||||
// return
|
||||
// }
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
|
|
|
|||
117
internal/middleware/auth.go.bak
Normal file
117
internal/middleware/auth.go.bak
Normal file
|
|
@ -0,0 +1,117 @@
|
|||
package middleware
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.juancwu.dev/juancwu/budgit/internal/ctxkeys"
|
||||
"git.juancwu.dev/juancwu/budgit/internal/service"
|
||||
)
|
||||
|
||||
// TODO: implement clearing jwt token in auth service
|
||||
|
||||
// AuthMiddleware checks for JWT token and adds user + profile + subscription to context if valid
|
||||
func AuthMiddleware(authService *service.AuthService, userService *service.UserService, profileService *service.ProfileService) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// Get JWT from cookie
|
||||
cookie, err := r.Cookie("auth_token")
|
||||
if err != nil {
|
||||
// No cookie, continue without auth
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Verify token
|
||||
claims, err := authService.VerifyJWT(cookie.Value)
|
||||
if err != nil {
|
||||
// Invalid token, clear cookie and continue
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Get user ID from claims
|
||||
userID, ok := claims["user_id"].(int64)
|
||||
if !ok {
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Fetch user from database
|
||||
user, err := userService.ByID(userID)
|
||||
if err != nil {
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Security: Remove password hash from context
|
||||
user.PasswordHash = nil
|
||||
|
||||
profile, err := profileService.ByUserID(userID)
|
||||
if err != nil {
|
||||
// Profile not found - this shouldn't happen but handle gracefully
|
||||
authService.ClearJWTCookie(w)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Add user + profile to context
|
||||
ctx := ctxkeys.WithUser(r.Context(), user)
|
||||
ctx = ctxkeys.WithProfile(ctx, profile)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// RequireGuest ensures request is not authenticated
|
||||
func RequireGuest(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := ctxkeys.User(r.Context())
|
||||
if user != nil {
|
||||
if r.Header.Get("HX-Request") == "true" {
|
||||
w.Header().Set("HX-Redirect", "/app/dashboard")
|
||||
w.WriteHeader(http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/app/dashboard", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
// RequireAuth ensures the user is authenticated and has completed onboarding
|
||||
func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := ctxkeys.User(r.Context())
|
||||
if user == nil {
|
||||
// For HTMX requests, use HX-Redirect header to force full page redirect
|
||||
if r.Header.Get("HX-Request") == "true" {
|
||||
w.Header().Set("HX-Redirect", "/auth")
|
||||
w.WriteHeader(http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
// For regular requests, use standard redirect
|
||||
http.Redirect(w, r, "/auth", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
// Check if user has completed onboarding
|
||||
// Uses profile.Name as indicator (empty = incomplete onboarding)
|
||||
// profile := ctxkeys.Profile(r.Context())
|
||||
// if profile.Name == "" && r.URL.Path != "/auth/onboarding" {
|
||||
// // User hasn't completed onboarding, redirect to onboarding
|
||||
// if r.Header.Get("HX-Request") == "true" {
|
||||
// w.Header().Set("HX-Redirect", "/auth/onboarding")
|
||||
// w.WriteHeader(http.StatusSeeOther)
|
||||
// return
|
||||
// }
|
||||
// http.Redirect(w, r, "/auth/onboarding", http.StatusSeeOther)
|
||||
// return
|
||||
// }
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue