Initial commit: Open sourcing all of the Maple Open Technologies code.

2025-12-02 14:33:08 -05:00 · 2025-12-02 14:33:08 -05:00 · 755d54a99d
commit 755d54a99d
2010 changed files with 448675 additions and 0 deletions
--- a/cloud/maplefile-backend/internal/interface/http/middleware/jwt.go
+++ b/cloud/maplefile-backend/internal/interface/http/middleware/jwt.go
@ -0,0 +1,74 @@
+// monorepo/cloud/maplefile-backend/internal/maplefile/interface/http/middleware/jwt.go
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"go.uber.org/zap"
+
+	"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/config/constants"
+	"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/pkg/httperror"
+)
+
+func (mid *middleware) JWTProcessorMiddleware(fn http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+
+		// Extract the Authorization header
+		reqToken := r.Header.Get("Authorization")
+
+		// Validate that Authorization header is present
+		if reqToken == "" {
+			problem := httperror.NewUnauthorizedError("Authorization not set")
+			problem.WithInstance(r.URL.Path).
+				WithTraceID(httperror.ExtractRequestID(r))
+			httperror.RespondWithProblem(w, problem)
+			return
+		}
+
+		// Extract the token from the Authorization header
+		// Support both "Bearer" (RFC 6750 standard) and "JWT" schemes for compatibility
+		var token string
+		if strings.HasPrefix(reqToken, "Bearer ") {
+			token = strings.TrimPrefix(reqToken, "Bearer ")
+		} else if strings.HasPrefix(reqToken, "JWT ") {
+			token = strings.TrimPrefix(reqToken, "JWT ")
+		} else {
+			problem := httperror.NewBadRequestError("Not properly formatted authorization header")
+			problem.WithInstance(r.URL.Path).
+				WithTraceID(httperror.ExtractRequestID(r))
+			httperror.RespondWithProblem(w, problem)
+			return
+		}
+
+		// Validate the token is not empty after prefix removal
+		if token == "" {
+			problem := httperror.NewBadRequestError("Not properly formatted authorization header")
+			problem.WithInstance(r.URL.Path).
+				WithTraceID(httperror.ExtractRequestID(r))
+			httperror.RespondWithProblem(w, problem)
+			return
+		}
+
+		// Process the JWT token
+		sessionID, err := mid.jwt.ProcessJWTToken(token)
+		if err != nil {
+			// Log the actual error for debugging but return generic message to client
+			mid.logger.Error("JWT processing failed", zap.Error(err))
+			problem := httperror.NewUnauthorizedError("Invalid or expired token")
+			problem.WithInstance(r.URL.Path).
+				WithTraceID(httperror.ExtractRequestID(r))
+			httperror.RespondWithProblem(w, problem)
+			return
+		}
+
+		// Update our context to save our JWT token content information
+		ctx = context.WithValue(ctx, constants.SessionIsAuthorized, true)
+		ctx = context.WithValue(ctx, constants.SessionID, sessionID)
+
+		// Flow to the next middleware with our JWT token saved
+		fn(w, r.WithContext(ctx))
+	}
+}