♻️ refactor(server): split AuthMiddleware into Optional/Required (RFC 6750 + ISP narrow interface) #91

Manually merged
arcodange merged 1 commits from vibe/batch-pr-a1-split-auth-middlewares into main 2026-05-06 06:56:41 +02:00
Owner

Split AuthMiddleware into OptionalHandler and RequiredHandler variants.

  • OptionalHandler: preserves current silent fail-through semantics (no header → pass through; bad header/invalid JWT → log + pass through with no user)
  • RequiredHandler: returns 401 + WWW-Authenticate: Bearer on missing/invalid token per RFC 6750
  • Use strings.EqualFold for case-insensitive Bearer prefix matching (RFC 6750)
  • Use strings.HasPrefix (idiomatic Go)
  • Sanitize Trace log: log auth_header_len + scheme_word instead of raw auth_header (Q-064)
  • Narrow dependency: middleware accepts tokenValidator interface (just ValidateJWT) instead of full user.AuthService
  • Legacy .Middleware method preserved as deprecated alias to OptionalHandler for backwards compatibility

The /greet endpoint continues to use optional auth via the deprecated alias. No behavioral change for existing endpoints.

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
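
The split described in this pull request, sketched as an added example (not the repository's code): one constructor, `guard`, builds both the optional and the required variant so the header parsing and the sanitized log line exist once. The `ValidateJWT` signature, `validatorFunc`, `guard`, `userKey`, the 16-byte cap on the logged scheme word and the `/private` route are assumptions made for the illustration.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"strings"
)

// tokenValidator is the narrow dependency the PR describes; this signature is assumed.
type tokenValidator interface{ ValidateJWT(token string) (string, error) }
type validatorFunc func(string) (string, error) // hypothetical adapter for demos and tests
type userKey struct{}                           // context key under which the user is stored

func (f validatorFunc) ValidateJWT(t string) (string, error) { return f(t) }

// guard builds both variants: required=false is the optional (fail-through) handler.
func guard(v tokenValidator, required bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		scheme, tok, found := strings.Cut(h, " ")
		user, err := "", errors.New("no bearer credential")
		if tok = strings.TrimSpace(tok); tok != "" && strings.EqualFold(scheme, "Bearer") {
			user, err = v.ValidateJWT(tok)
		} else if !found || len(scheme) > 16 {
			scheme = "" // a bare or oversized first word may be the token itself: never log it
		}
		if err == nil {
			r = r.WithContext(context.WithValue(r.Context(), userKey{}, user))
		} else {
			log.Printf("auth failed: %v auth_header_len=%d scheme_word=%q", err, len(h), scheme)
			if required {
				w.Header().Set("WWW-Authenticate", "Bearer") // RFC 6750 challenge
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed demo: every non-empty token maps to user "alice"
	v := validatorFunc(func(string) (string, error) { return "alice", nil })
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok\n")) })
	http.Handle("/greet", guard(v, false, ok))  // optional auth, as on the page
	http.Handle("/private", guard(v, true, ok)) // hypothetical required route
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The validator's error text is logged as-is, so a validator used with this pattern must not echo the token in its errors.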

arcodange added 1 commit 2026-05-06 06:56:15 +02:00
♻️ refactor(server): split AuthMiddleware into Optional/Required (RFC 6750 + ISP narrow interface)
Some checks failed
CI/CD Pipeline / Build Docker Cache (push) Successful in 15s
CI/CD Pipeline / Trigger Docker Push (push) Has been cancelled
CI/CD Pipeline / CI Pipeline (push) Has been cancelled
17de45563d
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
arcodange reviewed 2026-05-06 06:56:30 +02:00
arcodange left a comment
Author
Owner

LGTM - All changes match the spec. Build, vet, and tests pass.
arcodange manually merged commit 17de45563d into main 2026-05-06 06:56:41 +02:00
Reference: arcodange/dance-lessons-coach#91