chore: clean .gitignore cache

backend/internal/api/middleware/auth.go

@@ -1,65 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-	"strings"
-
-	"github.com/Wikid82/charon/backend/internal/services"
-	"github.com/gin-gonic/gin"
-)
-
-func AuthMiddleware(authService *services.AuthService) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		authHeader := c.GetHeader("Authorization")
-
-		if authHeader == "" {
-			// Try cookie first for browser flows (including WebSocket upgrades)
-			if cookie, err := c.Cookie("auth_token"); err == nil && cookie != "" {
-				authHeader = "Bearer " + cookie
-			}
-		}
-
-		// DEPRECATED: Query parameter authentication for WebSocket connections
-		// This fallback exists only for backward compatibility and will be removed in a future version.
-		// Query parameters are logged in access logs and should not be used for sensitive data.
-		// Use HttpOnly cookies instead, which are automatically sent by browsers and not logged.
-		if authHeader == "" {
-			if token := c.Query("token"); token != "" {
-				authHeader = "Bearer " + token
-			}
-		}
-
-		if authHeader == "" {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
-			return
-		}
-
-		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
-		claims, err := authService.ValidateToken(tokenString)
-		if err != nil {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
-			return
-		}
-
-		c.Set("userID", claims.UserID)
-		c.Set("role", claims.Role)
-		c.Next()
-	}
-}
-
-func RequireRole(role string) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		userRole, exists := c.Get("role")
-		if !exists {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
-			return
-		}
-
-		if userRole.(string) != role && userRole.(string) != "admin" {
-			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Forbidden"})
-			return
-		}
-
-		c.Next()
-	}
-}