miniflux/internal/fever/middleware.go

// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
// SPDX-License-Identifier: Apache-2.0

package fever // import "miniflux.app/v2/internal/fever"

import (
	"context"
	"log/slog"
	"net/http"

	"miniflux.app/v2/internal/http/request"
	"miniflux.app/v2/internal/http/response/json"
	"miniflux.app/v2/internal/storage"
)

type middleware struct {
	store *storage.Storage
}

func newMiddleware(s *storage.Storage) *middleware {
	return &middleware{s}
}

func (m *middleware) serve(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clientIP := request.ClientIP(r)
		apiKey := r.FormValue("api_key")
		if apiKey == "" {
			slog.Warn("[Fever] No API key provided",
				slog.Bool("authentication_failed", true),
				slog.String("client_ip", clientIP),
				slog.String("user_agent", r.UserAgent()),
			)
			json.OK(w, r, newAuthFailureResponse())
			return
		}

		user, err := m.store.UserByFeverToken(apiKey)
		if err != nil {
			slog.Error("[Fever] Unable to fetch user by API key",
				slog.Bool("authentication_failed", true),
				slog.String("client_ip", clientIP),
				slog.String("user_agent", r.UserAgent()),
				slog.Any("error", err),
			)
			json.OK(w, r, newAuthFailureResponse())
			return
		}

		if user == nil {
			slog.Warn("[Fever] No user found with the API key provided",
				slog.Bool("authentication_failed", true),
				slog.String("client_ip", clientIP),
				slog.String("user_agent", r.UserAgent()),
			)
			json.OK(w, r, newAuthFailureResponse())
			return
		}

		slog.Info("[Fever] User authenticated successfully",
			slog.Bool("authentication_successful", true),
			slog.String("client_ip", clientIP),
			slog.String("user_agent", r.UserAgent()),
			slog.Int64("user_id", user.ID),
			slog.String("username", user.Username),
		)

		m.store.SetLastLogin(user.ID)

		ctx := r.Context()
		ctx = context.WithValue(ctx, request.UserIDContextKey, user.ID)
		ctx = context.WithValue(ctx, request.UserTimezoneContextKey, user.Timezone)
		ctx = context.WithValue(ctx, request.IsAdminUserContextKey, user.IsAdmin)
		ctx = context.WithValue(ctx, request.IsAuthenticatedContextKey, true)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
Replace copyright header with SPDX identifier 2023-06-19 17:42:47 -04:00			`// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.`
			`// SPDX-License-Identifier: Apache-2.0`
Add Fever API 2017-12-03 20:44:27 -05:00
Move internal packages to an internal folder For reference: https://go.dev/doc/go1.4#internalpackages 2023-08-10 22:46:45 -04:00			`package fever // import "miniflux.app/v2/internal/fever"`
Add Fever API 2017-12-03 20:44:27 -05:00
			`import (`
			`"context"`
Implement structured logging using log/slog package 2023-09-24 19:32:09 -04:00			`"log/slog"`
Add Fever API 2017-12-03 20:44:27 -05:00			`"net/http"`

Move internal packages to an internal folder For reference: https://go.dev/doc/go1.4#internalpackages 2023-08-10 22:46:45 -04:00			`"miniflux.app/v2/internal/http/request"`
			`"miniflux.app/v2/internal/http/response/json"`
			`"miniflux.app/v2/internal/storage"`
Add Fever API 2017-12-03 20:44:27 -05:00			`)`

Move Fever middleware and routes to fever package 2018-11-11 12:52:12 -05:00			`type middleware struct {`
			`store *storage.Storage`
			`}`

			`func newMiddleware(s storage.Storage) middleware {`
			`return &middleware{s}`
			`}`
Improve Fever middleware and handle groupID=0 2018-10-26 22:49:49 -04:00
Move Fever middleware and routes to fever package 2018-11-11 12:52:12 -05:00			`func (m *middleware) serve(next http.Handler) http.Handler {`
Add Fever API 2017-12-03 20:44:27 -05:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Fever API: add client IP in middleware logs 2020-08-09 00:51:52 -04:00			`clientIP := request.ClientIP(r)`
Add Fever API 2017-12-03 20:44:27 -05:00			`apiKey := r.FormValue("api_key")`
Improve Fever middleware and handle groupID=0 2018-10-26 22:49:49 -04:00			`if apiKey == "" {`
Implement structured logging using log/slog package 2023-09-24 19:32:09 -04:00			`slog.Warn("[Fever] No API key provided",`
			`slog.Bool("authentication_failed", true),`
			`slog.String("client_ip", clientIP),`
			`slog.String("user_agent", r.UserAgent()),`
			`)`
Move Fever middleware and routes to fever package 2018-11-11 12:52:12 -05:00			`json.OK(w, r, newAuthFailureResponse())`
Improve Fever middleware and handle groupID=0 2018-10-26 22:49:49 -04:00			`return`
			`}`
Use vanilla HTTP handlers (refactoring) 2018-04-29 19:35:04 -04:00
Use Gorilla middleware (refactoring) 2018-04-27 23:38:46 -04:00			`user, err := m.store.UserByFeverToken(apiKey)`
Add Fever API 2017-12-03 20:44:27 -05:00			`if err != nil {`
Implement structured logging using log/slog package 2023-09-24 19:32:09 -04:00			`slog.Error("[Fever] Unable to fetch user by API key",`
			`slog.Bool("authentication_failed", true),`
			`slog.String("client_ip", clientIP),`
			`slog.String("user_agent", r.UserAgent()),`
			`slog.Any("error", err),`
			`)`
Move Fever middleware and routes to fever package 2018-11-11 12:52:12 -05:00			`json.OK(w, r, newAuthFailureResponse())`
Add Fever API 2017-12-03 20:44:27 -05:00			`return`
			`}`

			`if user == nil {`
Implement structured logging using log/slog package 2023-09-24 19:32:09 -04:00			`slog.Warn("[Fever] No user found with the API key provided",`
			`slog.Bool("authentication_failed", true),`
			`slog.String("client_ip", clientIP),`
			`slog.String("user_agent", r.UserAgent()),`
			`)`
Move Fever middleware and routes to fever package 2018-11-11 12:52:12 -05:00			`json.OK(w, r, newAuthFailureResponse())`
Add Fever API 2017-12-03 20:44:27 -05:00			`return`
			`}`

Implement structured logging using log/slog package 2023-09-24 19:32:09 -04:00			`slog.Info("[Fever] User authenticated successfully",`
			`slog.Bool("authentication_successful", true),`
			`slog.String("client_ip", clientIP),`
			`slog.String("user_agent", r.UserAgent()),`
			`slog.Int64("user_id", user.ID),`
			`slog.String("username", user.Username),`
			`)`

Use Gorilla middleware (refactoring) 2018-04-27 23:38:46 -04:00			`m.store.SetLastLogin(user.ID)`
Add Fever API 2017-12-03 20:44:27 -05:00
			`ctx := r.Context()`
Refactor HTTP context handling 2018-09-03 17:26:40 -04:00			`ctx = context.WithValue(ctx, request.UserIDContextKey, user.ID)`
			`ctx = context.WithValue(ctx, request.UserTimezoneContextKey, user.Timezone)`
			`ctx = context.WithValue(ctx, request.IsAdminUserContextKey, user.IsAdmin)`
			`ctx = context.WithValue(ctx, request.IsAuthenticatedContextKey, true)`
Add Fever API 2017-12-03 20:44:27 -05:00
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`