1 files changed, 55 insertions, 0 deletions
diff --git a/api/internal/middleware/middleware.go b/api/internal/middleware/middleware.go
new file mode 100644
index 0000000..819f1e5
--- /dev/null
+++ b/api/internal/middleware/middleware.go
@@ -0,0 +1,55 @@
+package middleware
+import (
+        "errors"
+        "github.com/gin-gonic/gin"
+        "log"
+        "net/http"
+        "strings"
+)
+func TokenRequired() gin.HandlerFunc {
+        return func(c *gin.Context) {
+                _, err := checkForTokenInContext(c)
+                if err != nil {
+                        c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+                        c.Abort()
+                        return
+                }
+                c.Next()
+        }
+}
+func CORSMiddleware() gin.HandlerFunc {
+        return func(c *gin.Context) {
+                c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+                c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+                c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+                c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+                if c.Request.Method == "OPTIONS" {
+                        log.Println(c.Request.Header)
+                        c.AbortWithStatus(http.StatusNoContent)
+                        return
+                }
+                c.Next()
+        }
+}
+func checkForTokenInContext(c *gin.Context) (string, error) {
+        authorizationHeader := c.GetHeader("Authorization")
+        if authorizationHeader == "" {
+                return "", errors.New("authorization header is missing")
+        }
+        parts := strings.Split(authorizationHeader, " ")
+        if len(parts) != 2 || parts[0] != "Bearer" {
+                return "", errors.New("invalid Authorization header format")
+        }
+        return parts[1], nil
+}
+\ No newline at end of file

diff --git a/api/internal/middleware/middleware.go b/api/internal/middleware/middleware.go new file mode 100644 index 0000000..819f1e5 --- /dev/null +++ b/api/internal/middleware/middleware.go
@@ -0,0 +1,55 @@
	1	package middleware
	2
	3	import (
	4	"errors"
	5	"github.com/gin-gonic/gin"
	6	"log"
	7	"net/http"
	8	"strings"
	9	)
	10
	11	func TokenRequired() gin.HandlerFunc {
	12	return func(c *gin.Context) {
	13	_, err := checkForTokenInContext(c)
	14
	15	if err != nil {
	16	c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
	17	c.Abort()
	18	return
	19	}
	20
	21	c.Next()
	22	}
	23	}
	24
	25	func CORSMiddleware() gin.HandlerFunc {
	26	return func(c *gin.Context) {
	27	c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
	28	c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
	29	c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
	30	c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
	31
	32	if c.Request.Method == "OPTIONS" {
	33	log.Println(c.Request.Header)
	34	c.AbortWithStatus(http.StatusNoContent)
	35	return
	36	}
	37
	38	c.Next()
	39	}
	40	}
	41
	42	func checkForTokenInContext(c *gin.Context) (string, error) {
	43	authorizationHeader := c.GetHeader("Authorization")
	44	if authorizationHeader == "" {
	45	return "", errors.New("authorization header is missing")
	46	}
	47
	48	parts := strings.Split(authorizationHeader, " ")
	49
	50	if len(parts) != 2 \|\| parts[0] != "Bearer" {
	51	return "", errors.New("invalid Authorization header format")
	52	}
	53
	54	return parts[1], nil
	55	} \ No newline at end of file