feat: add authentication middleware

raphico · raphico · commit 69226d4150e2 · 2025-08-17T23:06:57.000+01:00
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ A backend service built with **Go** for managing IoT devices, collecting telemet
 - **Telemetry Collection** (time-series sensor data)
 - **Command Dispatch** to devices
 - **Dockerized** for consistent deployment
-- **Testing** (unit & integration)
+- **Testing** (integration)
 - **CI/CD** pipeline (GitHub Actions)
 
 ## Tech Stack
diff --git a/internal/app/bootstrap.go b/internal/app/bootstrap.go
@@ -21,7 +21,9 @@ func BuildApp(log *logger.Logger, dbpool *pgxpool.Pool, cfg config.Config) http.
 	userService := user.NewService(userRepo)
 	userHandler := transporthttp.NewUserHandler(log, cfg, userService, tokenService)
 
-	router := transporthttp.NewRouter(log, userHandler)
+	userMiddleware := transporthttp.NewUserMiddleware(tokenService)
+
+	router := transporthttp.NewRouter(log, userMiddleware, userHandler)
 
 	return router
 }
diff --git a/internal/domain/user/user.go b/internal/domain/user/user.go
@@ -35,6 +35,12 @@ type Password struct {
 	hash []byte
 }
 
+var AnonymousUser = &User{}
+
+func (u *User) IsAnonymous() bool {
+	return u == AnonymousUser
+}
+
 func newUser(email, username, password string) (*User, error) {
 	addr, err := NewEmail(email)
 	if err != nil {
diff --git a/internal/transport/http/logging_middleware.go b/internal/transport/http/logging_middleware.go
@@ -0,0 +1,23 @@
+package http
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	chimw "github.com/go-chi/chi/v5/middleware"
+	"github.com/raphico/go-device-telemetry-api/internal/logger"
+)
+
+func loggingMiddleware(log *logger.Logger) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			start := time.Now()
+			next.ServeHTTP(w, r)
+			log.Info(fmt.Sprintf(
+				"HTTP request: method=%s, path=%s, remote=%s, duration=%s, reqID=%s",
+				r.Method, r.URL.Path, r.RemoteAddr, time.Since(start), chimw.GetReqID(r.Context()),
+			))
+		})
+	}
+}
diff --git a/internal/transport/http/router.go b/internal/transport/http/router.go
@@ -10,42 +10,40 @@ import (
 	"github.com/raphico/go-device-telemetry-api/internal/logger"
 )
 
-func NewRouter(log *logger.Logger, userHandler *UserHandler) http.Handler {
+func NewRouter(log *logger.Logger, userMw *UserMiddleware, userHandler *UserHandler) http.Handler {
 	r := chi.NewRouter()
 
 	r.Use(chimw.RequestID)
 	r.Use(chimw.RealIP)
 	r.Use(chimw.Recoverer)
+	r.Use(userMw.AuthMiddleware)
 	r.Use(loggingMiddleware(log))
 	r.Use(chimw.Timeout(60 * time.Second))
 
 	r.Route("/api/v1", func(r chi.Router) {
+		r.Route("/auth", func(r chi.Router) {
+			r.Post("/register", userHandler.RegisterUser)
+			r.Post("/login", userHandler.LoginUser)
+			r.Post("/refresh", userHandler.RefreshAccessToken)
+		})
+
+		r.Group(func(r chi.Router) {
+			r.Use(userMw.RequireAuthMiddleware)
+
+			r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusOK)
+				_, _ = w.Write([]byte("OK"))
+			})
+		})
+
 		r.Get("/health", func(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusOK)
 			if _, err := w.Write([]byte("OK")); err != nil {
 				log.Error(fmt.Sprintf("failed to write health response: %v", err))
 			}
 		})
 
-		r.Route("/auth", func(r chi.Router) {
-			r.Post("/register", userHandler.RegisterUser)
-			r.Post("/login", userHandler.LoginUser)
-			r.Post("/refresh", userHandler.RefreshAccessToken)
-		})
 	})
 
 	return r
 }
-
-func loggingMiddleware(log *logger.Logger) func(http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			start := time.Now()
-			next.ServeHTTP(w, r)
-			log.Info(fmt.Sprintf(
-				"HTTP request: method=%s, path=%s, remote=%s, duration=%s, reqID=%s",
-				r.Method, r.URL.Path, r.RemoteAddr, time.Since(start), chimw.GetReqID(r.Context()),
-			))
-		})
-	}
-}
diff --git a/internal/transport/http/user_middleware.go b/internal/transport/http/user_middleware.go
@@ -0,0 +1,63 @@
+package http
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"github.com/raphico/go-device-telemetry-api/internal/domain/token"
+	"github.com/raphico/go-device-telemetry-api/internal/domain/user"
+)
+
+type UserMiddleware struct {
+	tokenService *token.Service
+}
+
+type contextKey struct{}
+
+var userCtxKey = &contextKey{}
+
+func NewUserMiddleware(tokenService *token.Service) *UserMiddleware {
+	return &UserMiddleware{
+		tokenService: tokenService,
+	}
+}
+
+func (um *UserMiddleware) AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Add("Vary", "Authorization")
+
+		authHeader := r.Header.Get("Authorization")
+		if !strings.HasPrefix(authHeader, "Bearer ") {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		accessToken := strings.TrimPrefix(authHeader, "Bearer ")
+		userId, err := um.tokenService.ValidateAccessToken(accessToken)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx := context.WithValue(r.Context(), userCtxKey, userId)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func (um *UserMiddleware) RequireAuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, ok := r.Context().Value(userCtxKey).(user.UserID)
+		if !ok {
+			WriteJSONError(w, http.StatusUnauthorized, "unauthorized", "authentication required")
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func GetUserID(ctx context.Context) (user.UserID, bool) {
+	userID, ok := ctx.Value(userCtxKey).(user.UserID)
+	return userID, ok
+}

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,9 @@ func BuildApp(log logger.Logger, dbpool pgxpool.Pool, cfg config.Config) http.`
`21`	`21`	`userService := user.NewService(userRepo)`
`22`	`22`	`userHandler := transporthttp.NewUserHandler(log, cfg, userService, tokenService)`
`23`	`23`
`24`		`- router := transporthttp.NewRouter(log, userHandler)`
	`24`	`+ userMiddleware := transporthttp.NewUserMiddleware(tokenService)`
	`25`	`+`
	`26`	`+ router := transporthttp.NewRouter(log, userMiddleware, userHandler)`
`25`	`27`
`26`	`28`	`return router`
`27`	`29`	`}`