feature: verify tokens

2024-11-17 22:28:29 +05:30
parent 26a00c9f7c
commit 9d40c9d7ec
57 changed files with 4188 additions and 276 deletions
--- a/cmd/server/handler/request.go
+++ b/cmd/server/handler/request.go
@@ -0,0 +1,63 @@
+package handler
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"strings"
+
+	"gitserver.in/patialtech/rano/util/uid"
+)
+
+const RequestIDKey = "RequestID"
+const RequestIPKey = "RequestIP"
+const RequestUserAgentKey = "RequestUA"
+
+var defaultHeaders = []string{
+	"True-Client-IP", // Cloudflare Enterprise plan
+	"X-Real-IP",
+	"X-Forwarded-For",
+}
+
+// Request middleware that will do the following:
+//   - pull session user
+//   - set requestID
+//   - set ctx RealIP and client userAgent info
+func Request() func(http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+
+			// ID
+			requestID := r.Header.Get("X-Request-Id")
+			if requestID == "" {
+				requestID = uid.ULID()
+			}
+			ctx = context.WithValue(ctx, RequestIDKey, requestID)
+
+			// IP
+			if ip := getRealIP(r, defaultHeaders); ip != "" {
+				r.RemoteAddr = ip
+			}
+			ctx = context.WithValue(ctx, RequestIPKey, requestID)
+
+			// User Agent
+			ctx = context.WithValue(ctx, RequestUserAgentKey, r.UserAgent())
+
+			h.ServeHTTP(w, r)
+		})
+	}
+}
+
+func getRealIP(r *http.Request, headers []string) string {
+	for _, header := range headers {
+		if ip := r.Header.Get(header); ip != "" {
+			ips := strings.Split(ip, ",")
+			if ips[0] == "" || net.ParseIP(ips[0]) == nil {
+				continue
+			}
+			return ips[0]
+		}
+	}
+	return ""
+}