rede5/photum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
photum/backend/internal/auth/middleware.go
NANDO9322 a337e27f2a feat(auth): implementação do fluxo de cadastro duplo (clientes e profissionais) 
- backend: atualizado /auth/register para retornar userId e access_token
- backend: desabilitada criação automática de perfil parcial no registro
- backend: adicionado suporte a cookie access_token no middleware e handlers
- frontend: atualizado AuthContext para enviar role e retornar token
- frontend: implementado registro de profissional em 2 etapas (Usuário -> Perfil)
- frontend: adicionado serviço createProfessional com suporte a header de auth
- frontend: definido role correto (EVENT_OWNER) para cadastro de clientes
2025-12-12 13:01:30 -03:00

47 lines
1.1 KiB
Go
Raw Blame History

package auth
import (
"net/http"
"strings"
"photum-backend/internal/config"
"github.com/gin-gonic/gin"
)
func AuthMiddleware(cfg *config.Config) gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
var tokenString string
if authHeader != "" {
parts := strings.Split(authHeader, " ")
if len(parts) == 2 && parts[0] == "Bearer" {
tokenString = parts[1]
} else if len(parts) == 1 && parts[0] != "" {
tokenString = parts[0]
} else {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid authorization header format"})
return
}
} else {
// Try to get from cookie
cookie, err := c.Cookie("access_token")
if err == nil && cookie != "" {
tokenString = cookie
} else {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "authorization header required"})
return
}
}
claims, err := ValidateToken(tokenString, cfg.JwtAccessSecret)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
return
}
c.Set("userID", claims.UserID.String())
c.Set("role", claims.Role)
c.Next()
}
}
Reference in a new issue View git blame Copy permalink