-1

Hi, there is a need to pass a JSON object to check authentication in each request.

For this purpose I am using the gorilla package.

func middlewareFirstAuthCheck(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        log.Println("middlewareFirstAuthCheck - Before Handler")

        next.ServeHTTP(w, r)
    })
}

func StandartHandler(w http.ResponseWriter, r *http.Request) {
}

In the standard handler I accept a JSON object, and in middlewareFirstAuthCheck I accept a different JSON object.

middlewareFirstAuthCheck is executed first.

There is an understanding of what needs to be done, but how to implement it correctly?

codices

1 Answer

1

Keep in mind that the code running inside this function is not safe for a mux server:

func middlewareFirstAuthCheck(next http.Handler) http.Handler {
    // don't manage something related to request if you have a mux server
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        log.Println("middlewareFirstAuthCheck - Before Handler")
        // you could get the r.Body or r.Headers here to get the user authenticated
        next.ServeHTTP(w, r)
    })
}

Ideally, if you wanna handle permissions, you should be setting them on the middleware depending on the scope of your endpoint. Something like:

// please don't mind the terrible function/variable names
router.Get("/url", authMiddlewareForScope(s.handleTask(), "scope:to:handle:task"))

If you want these roles to be configurable by your application, you will need a more elegant solution.

Please let me know if

  • Thanks, my handle: router.Handle("/setmyhandle/{id}", middlewareFirstAuthCheck(handlers.LoggingHandler(os.Stdout, http.HandlerFunc(handleTask)))).Methods("POST") – codices May 12 '22 at 06:27
  • I check the path, then I already do the parsing of 2 structures and check auth: if strings.Contains(r.URL.Path, "/setmyhandle") == true { type Msg struct { Str1 *model.Str1 `json:"str1"` Str2 *model.Str2 `json:"str2"` } } // and if the auth check is true I call the next handler with the context. I'm not sure if this is correct, and in the context you can only pass the interface; whoever understands will understand, this is not entirely convenient – codices May 12 '22 at 06:34
  • I don't totally understand how you are authenticating users/APIs on your app. Usually what I do is get a header or some value from the body (depending on the case) and use that information with a fixed value per endpoint that defines if the entity that is calling my resource is capable of such a thing. If this client has the information that is needed (depends on what you are using, if you can explain that I could give more details) you can call your handler and execute your application logic. – Lucio De Simone May 12 '22 at 06:47
  • If these models should map, one of the models (or at least the values that you need to check) should be configured on your endpoint as a struct or fixed value that you set for that resource (can be reused of course) and then the client should meet the value that you are trying to match. As I said, it depends on your authentication algorithm – Lucio De Simone May 12 '22 at 06:48
  • In all my handlers there is an authentication check, and if it is not passed, then I simply return the server's response "auth failed", so the client can no longer receive responses from the server. But if it is passed, then my task is the following: transfer 1 of the 2 structures to the next handler. I don't know how to implement it more correctly; at the moment, as I wrote, I do it through the context – codices May 12 '22 at 06:52
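An added example, not code from the question, the answer or the comments: one way to have the middleware read the JSON body for the auth check and still let the next handler decode its own structure from the same body, with the checked structure passed on through the request context. The names Credentials, Task, ctxKey, authCheck, taskHandler and call, the "auth"/"task" field names, the fixed "demo-token" comparison and the 1 MiB body cap are all assumptions for illustration; a real service would verify the token against its own credential store.

```go
package main

import (
	"bytes"
	"context"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

type Credentials struct{ Token string `json:"token"` } // hypothetical auth structure
type Task struct{ Name string `json:"name"` }          // hypothetical payload structure
type ctxKey struct{}                                   // unexported context key type: no collisions

// authCheck reads the body once, verifies "auth", then passes it on via the context.
func authCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		raw, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20)) // cap body at 1 MiB
		var env struct{ Auth *Credentials `json:"auth"` }
		if err != nil || json.Unmarshal(raw, &env) != nil || env.Auth == nil ||
			subtle.ConstantTimeCompare([]byte(env.Auth.Token), []byte("demo-token")) != 1 {
			http.Error(w, "auth failed", http.StatusUnauthorized)
			return // next is never called for an unauthenticated request
		}
		r.Body = io.NopCloser(bytes.NewReader(raw)) // ReadAll drained the body: restore it
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, env.Auth)))
	})
}

// taskHandler decodes its own structure and takes the credentials from the context.
func taskHandler(w http.ResponseWriter, r *http.Request) {
	var body struct{ Task Task `json:"task"` }
	creds, ok := r.Context().Value(ctxKey{}).(*Credentials) // typed assertion, checked
	if !ok || json.NewDecoder(r.Body).Decode(&body) != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "task=%s authed=%t", body.Task.Name, creds.Token != "")
}

func call(body string) (int, string) { // runs one constructed request through the chain
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/setmyhandle/1", bytes.NewBufferString(body))
	authCheck(http.HandlerFunc(taskHandler)).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}
func main() { fmt.Println(call(`{"auth":{"token":"demo-token"},"task":{"name":"backup"}}`)) }
```

The unexported ctxKey type and the checked type assertion keep the context value from being overwritten or misread by other packages, which addresses the "only an interface" concern raised in the comments.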