package middlewares import ( "canguidev/shelfy/internal/models" "fmt" "net/http" "strings" "time" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt/v4" "gorm.io/gorm" ) func CheckAuth(db *gorm.DB) gin.HandlerFunc { return func(c *gin.Context) { // 1. Récupère le token (header ou query string) authHeader := c.GetHeader("Authorization") var tokenString string if authHeader != "" { // Mode classique : Authorization: Bearer xxxxx authToken := strings.Split(authHeader, " ") if len(authToken) != 2 || authToken[0] != "Bearer" { c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token format"}) c.AbortWithStatus(http.StatusUnauthorized) return } tokenString = authToken[1] } else { // Mode web : token dans l’URL tokenString = c.Query("token") if tokenString == "" { c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is missing"}) c.AbortWithStatus(http.StatusUnauthorized) return } } // 2. Vérifie et parse le JWT token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) } return []byte("SECRET"), nil }) if err != nil || !token.Valid { c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or expired token"}) c.AbortWithStatus(http.StatusUnauthorized) return } claims, ok := token.Claims.(jwt.MapClaims) if !ok { c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"}) c.Abort() return } if float64(time.Now().Unix()) > claims["exp"].(float64) { c.JSON(http.StatusUnauthorized, gin.H{"error": "token expired"}) c.AbortWithStatus(http.StatusUnauthorized) return } var user models.User var id = claims["id"] result := db.First(&user, id) if result.RowsAffected == 0 { c.AbortWithStatus(http.StatusUnauthorized) return } c.Set("currentUser", user) c.Next() } }