wip: add middlewares

2025-12-21 23:52:29 +00:00 · 2025-08-25 13:28:30 +03:00
parent 4979121395
commit ace22acdb2
6 changed files with 276 additions and 225 deletions
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -0,0 +1,143 @@
+package middlewares
+
+import (
+	"fmt"
+	"strings"
+	"tinyauth/internal/auth"
+	"tinyauth/internal/providers"
+	"tinyauth/internal/types"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+)
+
+type ContextMiddlewareConfig struct {
+	Domain string
+}
+
+type ContextMiddleware struct {
+	Config    ContextMiddlewareConfig
+	Auth      *auth.Auth
+	Providers *providers.Providers
+}
+
+func NewContextMiddleware(config ContextMiddlewareConfig, auth *auth.Auth, providers *providers.Providers) *ContextMiddleware {
+	return &ContextMiddleware{
+		Config:    config,
+		Auth:      auth,
+		Providers: providers,
+	}
+}
+
+func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		cookie, err := m.Auth.GetSessionCookie(c)
+
+		if err != nil {
+			goto basic
+		}
+
+		if cookie.TotpPending {
+			c.Set("context", &types.UserContext{
+				Username:    cookie.Username,
+				Name:        cookie.Name,
+				Email:       cookie.Email,
+				Provider:    "username",
+				TotpPending: true,
+				TotpEnabled: true,
+			})
+			c.Next()
+			return
+		}
+
+		switch cookie.Provider {
+		case "username":
+			userSearch := m.Auth.SearchUser(cookie.Username)
+
+			if userSearch.Type == "unknown" {
+				goto basic
+			}
+
+			c.Set("context", &types.UserContext{
+				Username:   cookie.Username,
+				Name:       cookie.Name,
+				Email:      cookie.Email,
+				Provider:   "username",
+				IsLoggedIn: true,
+			})
+			c.Next()
+			return
+		default:
+			provider := m.Providers.GetProvider(cookie.Provider)
+
+			if provider == nil {
+				goto basic
+			}
+
+			if !m.Auth.EmailWhitelisted(cookie.Email) {
+				m.Auth.DeleteSessionCookie(c)
+				goto basic
+			}
+
+			c.Set("context", &types.UserContext{
+				Username:    cookie.Username,
+				Name:        cookie.Name,
+				Email:       cookie.Email,
+				Provider:    cookie.Provider,
+				OAuthGroups: cookie.OAuthGroups,
+				IsLoggedIn:  true,
+				OAuth:       true,
+			})
+			c.Next()
+			return
+		}
+
+	basic:
+		basic := m.Auth.GetBasicAuth(c)
+
+		if basic == nil {
+			c.Next()
+			return
+		}
+
+		userSearch := m.Auth.SearchUser(basic.Username)
+
+		if userSearch.Type == "unknown" {
+			c.Next()
+			return
+		}
+
+		if !m.Auth.VerifyUser(userSearch, basic.Password) {
+			c.Next()
+			return
+		}
+
+		switch userSearch.Type {
+		case "local":
+			user := m.Auth.GetLocalUser(basic.Username)
+
+			c.Set("context", &types.UserContext{
+				Username:    user.Username,
+				Name:        utils.Capitalize(user.Username),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.Domain),
+				Provider:    "basic",
+				IsLoggedIn:  true,
+				TotpEnabled: user.TotpSecret != "",
+			})
+			c.Next()
+			return
+		case "ldap":
+			c.Set("context", &types.UserContext{
+				Username:   basic.Username,
+				Name:       utils.Capitalize(basic.Username),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.Domain),
+				Provider:   "basic",
+				IsLoggedIn: true,
+			})
+			c.Next()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/internal/middleware/ui_middlware.go
+++ b/internal/middleware/ui_middlware.go
@@ -0,0 +1,66 @@
+package middlewares
+
+import (
+	"io/fs"
+	"net/http"
+	"os"
+	"strings"
+	"tinyauth/internal/assets"
+
+	"github.com/gin-gonic/gin"
+)
+
+type UIMiddleware struct {
+	UIFS                fs.FS
+	UIFileServer        http.Handler
+	ResourcesFileServer http.Handler
+}
+
+func NewUIMiddleware() (*UIMiddleware, error) {
+	ui, err := fs.Sub(assets.Assets, "dist")
+
+	if err != nil {
+		return nil, err
+	}
+
+	uiFileServer := http.FileServer(http.FS(ui))
+	resourcesFileServer := http.FileServer(http.Dir("/data/resources"))
+
+	return &UIMiddleware{
+		UIFS:                ui,
+		UIFileServer:        uiFileServer,
+		ResourcesFileServer: resourcesFileServer,
+	}, nil
+}
+
+func (m UIMiddleware) Middlware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		switch strings.Split(c.Request.URL.Path, "/")[1] {
+		case "api":
+			c.Next()
+			return
+		case "resources":
+			_, err := os.Stat("/data/resources/" + strings.TrimPrefix(c.Request.URL.Path, "/resources/"))
+
+			if os.IsNotExist(err) {
+				c.Status(404)
+				c.Abort()
+				return
+			}
+
+			m.ResourcesFileServer.ServeHTTP(c.Writer, c.Request)
+			c.Abort()
+			return
+		default:
+			_, err := fs.Stat(m.UIFS, strings.TrimPrefix(c.Request.URL.Path, "/"))
+
+			if os.IsNotExist(err) {
+				c.Request.URL.Path = "/"
+			}
+
+			m.UIFileServer.ServeHTTP(c.Writer, c.Request)
+			c.Abort()
+			return
+		}
+	}
+}
--- a/internal/middleware/zerolog_middleware.go
+++ b/internal/middleware/zerolog_middleware.go
@@ -0,0 +1,62 @@
+package middlewares
+
+import (
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+)
+
+var (
+	loggerSkipPathsPrefix = []string{
+		"GET /api/healthcheck",
+		"HEAD /api/healthcheck",
+		"GET /favicon.ico",
+	}
+)
+
+type ZerologMiddleware struct{}
+
+func NewZerologMiddleware() *ZerologMiddleware {
+	return &ZerologMiddleware{}
+}
+
+func (m ZerologMiddleware) logPath(path string) bool {
+	for _, prefix := range loggerSkipPathsPrefix {
+		if strings.HasPrefix(path, prefix) {
+			return false
+		}
+	}
+	return true
+}
+
+func (m ZerologMiddleware) Middlware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		tStart := time.Now()
+
+		c.Next()
+
+		code := c.Writer.Status()
+		address := c.Request.RemoteAddr
+		clientIP := c.ClientIP()
+		method := c.Request.Method
+		path := c.Request.URL.Path
+
+		latency := time.Since(tStart).String()
+
+		// logPath check if the path should be logged normally or with debug
+		if m.logPath(method + " " + path) {
+			switch {
+			case code >= 200 && code < 300:
+				log.Info().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
+			case code >= 300 && code < 400:
+				log.Warn().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
+			case code >= 400:
+				log.Error().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
+			}
+		} else {
+			log.Debug().Str("method", method).Str("path", path).Str("address", address).Int("status", code).Str("latency", latency).Msg("Request")
+		}
+	}
+}