arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

📝 docs: add comprehensive SOLID analysis and code review findings
Some checks failed
CI/CD Pipeline / CI Pipeline (push) Has been cancelled
Details
CI/CD Pipeline / CI Pipeline (pull_request) Successful in 15m34s
Details

Browse Source 
- Documented SOLID principle violations across codebase
- Identified security best practice improvements needed
- Analyzed performance optimization opportunities
- Added detailed refactoring recommendations
- Updated ADR-0018 with JWT secret rotation reference
- Enabled gitea-client skill for programmer agent

This commit captures the current state analysis before implementing improvements.
This commit is contained in:
Gabriel Radureau
2026-04-06 23:49:03 +02:00
parent 72b9d35299
commit 08202a578d
16 changed files with 1015 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
pkg/server/middleware.go Normal file
View File

@@ -0,0 +1,62 @@
package server
import (
"context"
"net/http"
"dance-lessons-coach/pkg/greet"
"dance-lessons-coach/pkg/user"
"github.com/rs/zerolog/log"
)
// AuthMiddleware handles JWT authentication and adds user to context
type AuthMiddleware struct {
authService user.AuthService
}
// NewAuthMiddleware creates a new authentication middleware
func NewAuthMiddleware(authService user.AuthService) *AuthMiddleware {
return &AuthMiddleware{
authService: authService,
}
}
// Middleware returns the authentication middleware function
func (m *AuthMiddleware) Middleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
// Extract Authorization header
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
// No authorization header, pass through with no user
next.ServeHTTP(w, r)
return
}
// Extract token from "Bearer <token>" format
const bearerPrefix = "Bearer "
if len(authHeader) < len(bearerPrefix) || authHeader[:len(bearerPrefix)] != bearerPrefix {
log.Trace().Ctx(ctx).Str("auth_header", authHeader).Msg("Invalid authorization header format")
next.ServeHTTP(w, r)
return
}
token := authHeader[len(bearerPrefix):]
// Validate JWT token
validatedUser, err := m.authService.ValidateJWT(ctx, token)
if err != nil {
log.Trace().Ctx(ctx).Err(err).Msg("JWT validation failed")
next.ServeHTTP(w, r)
return
}
// Add user to context
ctxWithUser := context.WithValue(ctx, greet.UserContextKey, validatedUser)
r = r.WithContext(ctxWithUser)
// Continue to next handler
next.ServeHTTP(w, r)
})
}