fix: improve AuthMiddleware to handle nil authService and validate user role

GitHub Actions
2026-02-13 08:18:48 +00:00
parent 88714d0a46
commit f4f7194550


@@ -19,6 +19,11 @@ func AuthMiddleware(authService *services.AuthService) gin.HandlerFunc {
}
}
if authService == nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
return
}
tokenString, ok := extractAuthToken(c)
if !ok {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
@@ -31,8 +36,14 @@ func AuthMiddleware(authService *services.AuthService) gin.HandlerFunc {
return
}
c.Set("userID", claims.UserID)
c.Set("role", claims.Role)
user, err := authService.GetUserByID(claims.UserID)
if err != nil || !user.Enabled {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
return
}
c.Set("userID", user.ID)
c.Set("role", user.Role)
c.Next()
}
}
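Review bot: In the second hunk, `if err != nil || !user.Enabled` dereferences `user` whenever `err` is nil; if `GetUserByID` (not visible here) returns a pointer and can yield `nil, nil` for an unknown ID, a token for a deleted account would panic the handler instead of being rejected, so `if err != nil || user == nil || !user.Enabled {` is the safer guard. The same branch answers 401 "Invalid token" for a lookup failure such as a datastore outage, which is fail-closed but deserves a log line so operators can tell it apart from a disabled account. In the first hunk, a nil `authService` is a server misconfiguration, yet it is reported as 401 "Authorization header required"; `http.StatusInternalServerError` plus a logged error would keep the fail-closed behaviour without hiding the fault from monitoring. The page has lost its +/- markers, so it is unclear whether the `c.Set` calls using `claims.UserID` and `claims.Role` remain on the new side, and the function begins outside both hunks.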