feat(api): 🔒 check auth for routes

IgorPolyakov · IgorPolyakov · commit 8479ddc68403 · 2025-04-08T01:03:23.000+03:00
diff --git a/api/openapi.yaml b/api/openapi.yaml
@@ -48,8 +48,6 @@ paths:
         Authenticates a user by user_name and password, starts a new session,
         and returns a session cookie.
       operationId: signInUser
-      security:
-        - sessionAuth: []
       requestBody:
         required: true
         content:
diff --git a/cmd/main.go b/cmd/main.go
@@ -9,9 +9,10 @@ import (
 	"ctf01d/internal/config"
 	"ctf01d/internal/handler"
 	"ctf01d/internal/httpserver"
+	"ctf01d/internal/middleware/auth"
 	migration "ctf01d/internal/migrations/psql"
+	"ctf01d/internal/repository"
 	"ctf01d/pkg/ginmiddleware"
-
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/getkin/kin-openapi/openapi3filter"
 	"github.com/gin-contrib/cors"
@@ -31,11 +32,14 @@ func main() {
 		slog.Error("Config error: " + err.Error())
 		os.Exit(1)
 	}
+
 	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
 		Level: slog.Level(cfg.ParseLogLevel(cfg.Log.Level)),
 	}))
 	slog.SetDefault(logger)
 	slog.Info("Config path is - " + path)
+
+	// Подключение к БД
 	db, err := migration.InitDatabase(cfg)
 	if err != nil {
 		slog.Error("Database connection error: " + err.Error())
@@ -70,7 +74,13 @@ func main() {
 
 	// API-группа, к которой применяются валидаторы
 	apiGroup := router.Group("/", requestValidator, responseValidator)
-	httpserver.RegisterHandlers(apiGroup, hndlr)
+	sessionRepo := repository.NewSessionRepository(db)
+	options := httpserver.GinServerOptions{
+		Middlewares: []httpserver.MiddlewareFunc{
+			auth.AuthenticationMiddleware(sessionRepo),
+		},
+	}
+	httpserver.RegisterHandlersWithOptions(apiGroup, hndlr, options)
 
 	// HTML маршрутизатор для корня
 	router.GET("/", httpserver.NewHtmlRouter())
diff --git a/internal/httpserver/httpserver.gen.go b/internal/httpserver/httpserver.gen.go
diff --git a/internal/middleware/auth/authentication.go b/internal/middleware/auth/authentication.go
@@ -0,0 +1,36 @@
+package auth
+
+import (
+	"net/http"
+
+	"ctf01d/internal/httpserver"
+	"ctf01d/internal/repository"
+	"github.com/gin-gonic/gin"
+)
+
+func AuthenticationMiddleware(repo repository.SessionRepository) httpserver.MiddlewareFunc {
+	return func(c *gin.Context) {
+		// Проверка, нужен ли вообще роуту токен для авторизации
+		_, sessionExists := c.Keys["sessionAuth.Scopes"]
+
+		if !sessionExists {
+			c.Next()
+			return
+		}
+
+		sessionCookie, err := c.Cookie("session_id")
+		if err != nil || sessionCookie == "" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Session cookie required"})
+			return
+		}
+
+		userId, err := repo.GetSessionFromDB(c, sessionCookie)
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid session"})
+			return
+		}
+
+		c.Set("user_id", userId)
+		c.Next()
+	}
+}
