add membership

local/middleware/auth.go

@@ -0,0 +1,60 @@
+package middleware
+
+import (
+	"acc-server-manager/local/service"
+	"acc-server-manager/local/utl/jwt"
+	"strings"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/google/uuid"
+)
+
+// AuthMiddleware provides authentication and permission middleware.
+type AuthMiddleware struct {
+	membershipService *service.MembershipService
+}
+
+// NewAuthMiddleware creates a new AuthMiddleware.
+func NewAuthMiddleware(ms *service.MembershipService) *AuthMiddleware {
+	return &AuthMiddleware{
+		membershipService: ms,
+	}
+}
+
+// Authenticate is a middleware for JWT authentication.
+func (m *AuthMiddleware) Authenticate(ctx *fiber.Ctx) error {
+	authHeader := ctx.Get("Authorization")
+	if authHeader == "" {
+		return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Missing or malformed JWT"})
+	}
+
+	parts := strings.Split(authHeader, " ")
+	if len(parts) != 2 || parts[0] != "Bearer" {
+		return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Missing or malformed JWT"})
+	}
+
+	claims, err := jwt.ValidateToken(parts[1])
+	if err != nil {
+		return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid or expired JWT"})
+	}
+
+	ctx.Locals("userID", claims.UserID)
+	return ctx.Next()
+}
+
+// HasPermission is a middleware for checking user permissions.
+func (m *AuthMiddleware) HasPermission(requiredPermission string) fiber.Handler {
+	return func(ctx *fiber.Ctx) error {
+		userID, ok := ctx.Locals("userID").(uuid.UUID)
+		if !ok {
+			return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Unauthorized"})
+		}
+
+		has, err := m.membershipService.HasPermission(ctx.UserContext(), userID, requiredPermission)
+		if err != nil || !has {
+			return ctx.Status(fiber.StatusForbidden).JSON(fiber.Map{"error": "Forbidden"})
+		}
+
+		return ctx.Next()
+	}
+}