leeworks-agents/gitea-mobile
5
0
Fork 0
Code Issues 42 Pull Requests 4 Actions Packages Projects Releases Wiki Activity
Files
74a542675545be1966505c7c8d2b8dc11f4f1519
gitea-mobile/internal/middleware/auth.go
T
agent-company 703b2fafb0 feat: add env-based configuration and token-in-cookie auth 
Implement 12-factor configuration via environment variables and
token-in-cookie authentication for Gitea API access.

- internal/config/config.go: reads GITEA_URL, GITEA_TOKEN, LISTEN_ADDR,
  SESSION_SECRET from environment with validation
- internal/auth/cookie.go: HMAC-signed HTTP-only cookie for storing
  Gitea API tokens (Secure, SameSite=Strict)
- internal/middleware/auth.go: extracts token from cookie, injects into
  request context, redirects unauthenticated users to /settings
- internal/middleware/logging.go: structured JSON request logging
- internal/handlers/settings.go: settings page for entering/removing
  Gitea API token with mobile-first dark UI
- cmd/server/main.go: integrated config, auth middleware, and settings

Includes unit tests for config loading, cookie signing/verification,
and auth middleware bypass/redirect logic.

Closes leeworks-agents/gitea-mobile#2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 04:05:31 +00:00

55 lines
1.6 KiB
Go
Raw Blame History

package middleware
import (
"context"
"log/slog"
"net/http"
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/auth"
)
// contextKey is a private type for context keys in this package.
type contextKey string
const (
// TokenContextKey is the context key for the Gitea API token.
TokenContextKey contextKey = "gitea_token"
)
// TokenFromContext extracts the Gitea API token from the request context.
func TokenFromContext(ctx context.Context) string {
token, _ := ctx.Value(TokenContextKey).(string)
return token
}
// Auth returns middleware that checks for a valid token cookie.
// Unauthenticated requests are redirected to the settings page.
// The /health, /settings, and /static/ paths are exempt from auth.
func Auth(sessionSecret string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Skip auth for exempt paths.
path := r.URL.Path
if path == "/health" || path == "/settings" || hasPrefix(path, "/static/") {
next.ServeHTTP(w, r)
return
}
token, err := auth.GetToken(r, sessionSecret)
if err != nil || token == "" {
slog.Debug("unauthenticated request, redirecting to settings", "path", path, "error", err)
http.Redirect(w, r, "/settings", http.StatusSeeOther)
return
}
// Inject token into request context.
ctx := context.WithValue(r.Context(), TokenContextKey, token)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
func hasPrefix(s, prefix string) bool {
return len(s) >= len(prefix) && s[:len(prefix)] == prefix
}
Reference in New Issue View Git Blame Copy Permalink