package http
import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"log"
	"net/http"
	"strconv"
	"time"
)
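// ContextKey is the key type used to store per-request values in a
// context.Context. Using a dedicated type instead of a plain string keeps
// these keys from colliding with keys set by other packages.
type ContextKey string

const (
	// ContextKeyRequestID holds the identifier assigned to the current request.
	ContextKeyRequestID ContextKey = "request-id"
	// ContextKeyUser holds the username the Auth middleware stores for the
	// request (the literal key "user").
	ContextKeyUser ContextKey = "user"
	// ContextKeyUserRole holds the role the Auth middleware stores for the
	// request and the RBAC middleware reads back (the literal key "user.role").
	ContextKeyUserRole ContextKey = "user.role"
)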
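// RequestID middleware assigns a fresh, randomly generated identifier to
// every request, exposes it to downstream handlers via the request context
// under ContextKeyRequestID, and echoes it to the client in the
// X-Request-ID response header so a reported problem can be matched to
// the server-side log line for that request.
//
// Any X-Request-ID the client sends is deliberately ignored: the header is
// untrusted input and honouring it would let a caller choose the value
// that ends up in logs and traces.
func RequestID(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id := newRequestID()
		w.Header().Set("X-Request-ID", id)
		ctx := context.WithValue(r.Context(), ContextKeyRequestID, id)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// newRequestID returns 16 random bytes as a 32-character hex string.
//
// crypto/rand is used so identifiers are unguessable as well as unique.
// Should the system entropy source fail, the error is logged and a
// timestamp-derived identifier is returned instead so no request goes
// without one; such an identifier is still usable for log correlation but
// is predictable, and must not be relied on as a secret.
func newRequestID() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		log.Printf("request id: reading random bytes: %v", err)
		return strconv.FormatInt(time.Now().UnixNano(), 36)
	}
	return hex.EncodeToString(b[:])
}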
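// Logging middleware writes one line per request to the standard logger,
// recording the method, the path and how long the downstream handler took.
//
// The path is client-controlled and is therefore formatted with %q: a path
// carrying an encoded newline or other control character is printed
// escaped inside quotes instead of being able to forge additional log
// lines. The method is validated by the server before the handler runs,
// so it is printed as-is.
func Logging(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		next.ServeHTTP(w, r)
		log.Printf("%s %q in %v", r.Method, r.URL.Path, time.Since(start))
	})
}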
// Auth middleware is a development placeholder that derives the caller's
// identity from request headers and stores it in the request context under
// ContextKey("user") and ContextKey("user.role").
//
// Both headers are supplied by the client and are not verified in any way:
// X-Auth-User names the user (default "anonymous") and X-Auth-Role names the
// role (default "admin" for the user "admin", "viewer" for everyone else).
// Any caller can therefore claim any identity or role; real deployments need
// session or token validation in its place.
func Auth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user := r.Header.Get("X-Auth-User")
		if user == "" {
			user = "anonymous"
		}

		role := r.Header.Get("X-Auth-Role")
		if role == "" {
			role = defaultRoleFor(user)
		}

		ctx := r.Context()
		ctx = context.WithValue(ctx, ContextKey("user"), user)
		ctx = context.WithValue(ctx, ContextKey("user.role"), role)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// defaultRoleFor returns the role assumed when no X-Auth-Role header is
// present: "admin" for the user named "admin", "viewer" for anyone else.
func defaultRoleFor(user string) string {
	if user == "admin" {
		return "admin"
	}
	return "viewer"
}
// CSRFMiddleware is a placeholder for cross-site request forgery
// protection. It currently performs no check at all — the X-CSRF-Token
// header is neither read nor validated — and forwards every request,
// state-changing ones included, to the next handler unchanged. Until the
// TODO inside is implemented this middleware provides no protection.
func CSRFMiddleware(next http.Handler) http.Handler {
	passThrough := func(w http.ResponseWriter, r *http.Request) {
		// TODO: for mutating methods (POST/PUT/PATCH/DELETE) require an
		// X-CSRF-Token bound to the caller's session and reject the request
		// when it is absent or does not match; safe methods pass through.
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(passThrough)
}
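// RBAC returns a middleware that authorizes the request using the role the
// Auth middleware stored under ContextKey("user.role").
//
// At present only the "admin" role is permitted. Every other request —
// including one with no role in its context, for example because Auth did
// not run in front of this middleware — is rejected with 403 Forbidden
// rather than passed through, so a missing or misconfigured check fails
// closed. The permission argument is accepted so call sites can already
// name the permission they require, but it is not consulted yet:
// per-permission checks for the operator and viewer roles remain to be
// added.
func RBAC(permission string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// A missing or non-string value yields "", which is denied below.
			role, _ := r.Context().Value(ContextKey("user.role")).(string)
			if role == "admin" {
				next.ServeHTTP(w, r)
				return
			}
			// TODO: grant non-admin roles according to permission. Until
			// then, deny rather than fall through to the handler.
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		})
	}
}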