diff --git a/backend/internal/api/auth_handlers.go b/backend/internal/api/auth_handlers.go index 9ca495e..7187955 100644 --- a/backend/internal/api/auth_handlers.go +++ b/backend/internal/api/auth_handlers.go @@ -127,17 +127,15 @@ func RefreshToken(authService *auth.SessionService) http.HandlerFunc { } // GetCurrentUser returns the currently authenticated user -func GetCurrentUser(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) GetCurrentUser(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - // Get user claims from context (set by auth middleware) - claims, err := auth.GetUserFromContext(r.Context()) - if err != nil { - http.Error(w, "Unauthorized", http.StatusUnauthorized) + ctx, ok := h.getContext(w, r) + if !ok { return } // Get user from database - user, err := db.GetUserByID(claims.UserID) + user, err := db.GetUserByID(ctx.UserID) if err != nil { http.Error(w, "User not found", http.StatusNotFound) return diff --git a/backend/internal/api/context.go b/backend/internal/api/context.go new file mode 100644 index 0000000..92089e2 --- /dev/null +++ b/backend/internal/api/context.go @@ -0,0 +1,85 @@ +// api/context.go +package api + +import ( + "context" + "net/http" + "novamd/internal/auth" + "novamd/internal/db" + "novamd/internal/filesystem" + "novamd/internal/models" + + "github.com/go-chi/chi/v5" +) + +type HandlerContext struct { + UserID int + UserRole string + Workspace *models.Workspace +} + +type contextKey string + +const handlerContextKey contextKey = "handlerContext" + +// Middleware to populate handler context +func WithHandlerContext(db *db.DB) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Get user claims from auth context + claims, err := auth.GetUserFromContext(r.Context()) + if err != nil { + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + + // Get workspace name from URL if it exists + workspaceName := chi.URLParam(r, "workspaceName") + + var workspace *models.Workspace + // Only look up workspace if name is provided + if workspaceName != "" { + workspace, err = db.GetWorkspaceByName(claims.UserID, workspaceName) + if err != nil { + http.Error(w, "Workspace not found", http.StatusNotFound) + return + } + } + + // Create handler context + ctx := &HandlerContext{ + UserID: claims.UserID, + UserRole: claims.Role, + Workspace: workspace, + } + + // Add to request context + reqCtx := context.WithValue(r.Context(), handlerContextKey, ctx) + next.ServeHTTP(w, r.WithContext(reqCtx)) + }) + } +} + +// Helper function to get handler context +func GetHandlerContext(r *http.Request) *HandlerContext { + ctx := r.Context().Value(handlerContextKey) + if ctx == nil { + return nil + } + return ctx.(*HandlerContext) +} + +type BaseHandler struct { + DB *db.DB + FS *filesystem.FileSystem +} + +// Helper method to get context and handle errors +func (h *BaseHandler) getContext(w http.ResponseWriter, r *http.Request) (*HandlerContext, bool) { + ctx := GetHandlerContext(r) + if ctx == nil { + http.Error(w, "Internal server error", http.StatusInternalServerError) + return nil, false + } + return ctx, true +} diff --git a/backend/internal/api/file_handlers.go b/backend/internal/api/file_handlers.go index dc98752..7644fc0 100644 --- a/backend/internal/api/file_handlers.go +++ b/backend/internal/api/file_handlers.go @@ -11,15 +11,14 @@ import ( "github.com/go-chi/chi/v5" ) -func ListFiles(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) ListFiles(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - files, err := fs.ListFilesRecursively(userID, workspaceID) + files, err := fs.ListFilesRecursively(ctx.UserID, ctx.Workspace.ID) if err != nil { http.Error(w, "Failed to list files", http.StatusInternalServerError) return @@ -29,11 +28,10 @@ func ListFiles(fs *filesystem.FileSystem) http.HandlerFunc { } } -func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -43,7 +41,7 @@ func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc { return } - filePaths, err := fs.FindFileByName(userID, workspaceID, filename) + filePaths, err := fs.FindFileByName(ctx.UserID, ctx.Workspace.ID, filename) if err != nil { http.Error(w, "File not found", http.StatusNotFound) return @@ -53,16 +51,15 @@ func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc { } } -func GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } filePath := chi.URLParam(r, "*") - content, err := fs.GetFileContent(userID, workspaceID, filePath) + content, err := fs.GetFileContent(ctx.UserID, ctx.Workspace.ID, filePath) if err != nil { http.Error(w, "Failed to read file", http.StatusNotFound) return @@ -73,11 +70,10 @@ func GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc { } } -func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) SaveFile(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -88,7 +84,7 @@ func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc { return } - err = fs.SaveFile(userID, workspaceID, filePath, content) + err = fs.SaveFile(ctx.UserID, ctx.Workspace.ID, filePath, content) if err != nil { http.Error(w, "Failed to save file", http.StatusInternalServerError) return @@ -98,16 +94,15 @@ func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc { } } -func DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } filePath := chi.URLParam(r, "*") - err = fs.DeleteFile(userID, workspaceID, filePath) + err := fs.DeleteFile(ctx.UserID, ctx.Workspace.ID, filePath) if err != nil { http.Error(w, "Failed to delete file", http.StatusInternalServerError) return @@ -118,29 +113,32 @@ func DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc { } } -func GetLastOpenedFile(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) GetLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - _, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - filePath, err := db.GetLastOpenedFile(workspaceID) + filePath, err := db.GetLastOpenedFile(ctx.Workspace.ID) if err != nil { http.Error(w, "Failed to get last opened file", http.StatusInternalServerError) return } + if _, err := fs.ValidatePath(ctx.UserID, ctx.Workspace.ID, filePath); err != nil { + http.Error(w, "Invalid file path", http.StatusBadRequest) + return + } + respondJSON(w, map[string]string{"lastOpenedFilePath": filePath}) } } -func UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -155,13 +153,13 @@ func UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc // Validate the file path exists in the workspace if requestBody.FilePath != "" { - if _, err := fs.ValidatePath(userID, workspaceID, requestBody.FilePath); err != nil { + if _, err := fs.ValidatePath(ctx.UserID, ctx.Workspace.ID, requestBody.FilePath); err != nil { http.Error(w, "Invalid file path", http.StatusBadRequest) return } } - if err := db.UpdateLastOpenedFile(workspaceID, requestBody.FilePath); err != nil { + if err := db.UpdateLastOpenedFile(ctx.Workspace.ID, requestBody.FilePath); err != nil { http.Error(w, "Failed to update last opened file", http.StatusInternalServerError) return } diff --git a/backend/internal/api/git_handlers.go b/backend/internal/api/git_handlers.go index 7eaa146..662c811 100644 --- a/backend/internal/api/git_handlers.go +++ b/backend/internal/api/git_handlers.go @@ -7,11 +7,10 @@ import ( "novamd/internal/filesystem" ) -func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -29,7 +28,7 @@ func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc { return } - err = fs.StageCommitAndPush(userID, workspaceID, requestBody.Message) + err := fs.StageCommitAndPush(ctx.UserID, ctx.Workspace.ID, requestBody.Message) if err != nil { http.Error(w, "Failed to stage, commit, and push changes: "+err.Error(), http.StatusInternalServerError) return @@ -39,15 +38,14 @@ func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc { } } -func PullChanges(fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) PullChanges(fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - err = fs.Pull(userID, workspaceID) + err := fs.Pull(ctx.UserID, ctx.Workspace.ID) if err != nil { http.Error(w, "Failed to pull changes: "+err.Error(), http.StatusInternalServerError) return diff --git a/backend/internal/api/handler_utils.go b/backend/internal/api/handler_utils.go index 75c50cd..bc98d88 100644 --- a/backend/internal/api/handler_utils.go +++ b/backend/internal/api/handler_utils.go @@ -9,24 +9,14 @@ import ( "github.com/go-chi/chi/v5" ) -func getUserID(r *http.Request) (int, error) { - userIDStr := chi.URLParam(r, "userId") - return strconv.Atoi(userIDStr) -} - -func getUserAndWorkspaceIDs(r *http.Request) (int, int, error) { - userID, err := getUserID(r) - if err != nil { - return 0, 0, errors.New("invalid userId") - } - +func getWorkspaceID(r *http.Request) (int, error) { workspaceIDStr := chi.URLParam(r, "workspaceId") workspaceID, err := strconv.Atoi(workspaceIDStr) if err != nil { - return userID, 0, errors.New("invalid workspaceId") + return 0, errors.New("invalid workspaceId") } - return userID, workspaceID, nil + return workspaceID, nil } func respondJSON(w http.ResponseWriter, data interface{}) { diff --git a/backend/internal/api/routes.go b/backend/internal/api/routes.go index fba0260..1c600fa 100644 --- a/backend/internal/api/routes.go +++ b/backend/internal/api/routes.go @@ -9,6 +9,12 @@ import ( ) func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddleware *auth.Middleware, sessionService *auth.SessionService) { + + handler := &BaseHandler{ + DB: db, + FS: fs, + } + // Public routes (no authentication required) r.Group(func(r chi.Router) { r.Post("/auth/login", Login(sessionService, db)) @@ -19,59 +25,51 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddlew r.Group(func(r chi.Router) { // Apply authentication middleware to all routes in this group r.Use(authMiddleware.Authenticate) + r.Use(WithHandlerContext(db)) // Auth routes r.Post("/auth/logout", Logout(sessionService)) - r.Get("/auth/me", GetCurrentUser(db)) + r.Get("/auth/me", handler.GetCurrentUser(db)) // Admin-only routes r.Group(func(r chi.Router) { r.Use(authMiddleware.RequireRole("admin")) - - // TODO: Implement // r.Get("/admin/users", ListUsers(db)) // r.Post("/admin/users", CreateUser(db)) // r.Delete("/admin/users/{userId}", DeleteUser(db)) }) - // User routes - protected by resource ownership - r.Route("/users/{userId}", func(r chi.Router) { - r.Use(authMiddleware.RequireResourceOwnership) + // Workspace routes + r.Route("/workspaces", func(r chi.Router) { + r.Get("/", handler.ListWorkspaces(db)) + r.Post("/", handler.CreateWorkspace(db, fs)) + r.Get("/last", handler.GetLastWorkspace(db)) + r.Put("/last", handler.UpdateLastWorkspace(db)) - r.Get("/", GetUser(db)) + // Single workspace routes + r.Route("/{workspaceId}", func(r chi.Router) { + r.Use(authMiddleware.RequireWorkspaceOwnership(db)) - // Workspace routes - r.Route("/workspaces", func(r chi.Router) { - r.Get("/", ListWorkspaces(db)) - r.Post("/", CreateWorkspace(db, fs)) - r.Get("/last", GetLastWorkspace(db)) - r.Put("/last", UpdateLastWorkspace(db)) + r.Get("/", handler.GetWorkspace(db)) + r.Put("/", handler.UpdateWorkspace(db, fs)) + r.Delete("/", handler.DeleteWorkspace(db)) - r.Route("/{workspaceId}", func(r chi.Router) { - // Add workspace ownership check - r.Use(authMiddleware.RequireWorkspaceOwnership(db)) + // File routes + r.Route("/files", func(r chi.Router) { + r.Get("/", handler.ListFiles(fs)) + r.Get("/last", handler.GetLastOpenedFile(db, fs)) + r.Put("/last", handler.UpdateLastOpenedFile(db, fs)) + r.Get("/lookup", handler.LookupFileByName(fs)) - r.Get("/", GetWorkspace(db)) - r.Put("/", UpdateWorkspace(db, fs)) - r.Delete("/", DeleteWorkspace(db)) + r.Post("/*", handler.SaveFile(fs)) + r.Get("/*", handler.GetFileContent(fs)) + r.Delete("/*", handler.DeleteFile(fs)) + }) - // File routes - r.Route("/files", func(r chi.Router) { - r.Get("/", ListFiles(fs)) - r.Get("/last", GetLastOpenedFile(db)) - r.Put("/last", UpdateLastOpenedFile(db, fs)) - r.Get("/lookup", LookupFileByName(fs)) - - r.Post("/*", SaveFile(fs)) - r.Get("/*", GetFileContent(fs)) - r.Delete("/*", DeleteFile(fs)) - }) - - // Git routes - r.Route("/git", func(r chi.Router) { - r.Post("/commit", StageCommitAndPush(fs)) - r.Post("/pull", PullChanges(fs)) - }) + // Git routes + r.Route("/git", func(r chi.Router) { + r.Post("/commit", handler.StageCommitAndPush(fs)) + r.Post("/pull", handler.PullChanges(fs)) }) }) }) diff --git a/backend/internal/api/user_handlers.go b/backend/internal/api/user_handlers.go index 28cd9fe..cdcff9f 100644 --- a/backend/internal/api/user_handlers.go +++ b/backend/internal/api/user_handlers.go @@ -6,15 +6,14 @@ import ( "novamd/internal/db" ) -func GetUser(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) GetUser(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, err := getUserID(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - user, err := db.GetUserByID(userID) + user, err := db.GetUserByID(ctx.UserID) if err != nil { http.Error(w, "Failed to get user", http.StatusInternalServerError) return diff --git a/backend/internal/api/workspace_handlers.go b/backend/internal/api/workspace_handlers.go index 29415f5..714516a 100644 --- a/backend/internal/api/workspace_handlers.go +++ b/backend/internal/api/workspace_handlers.go @@ -9,15 +9,14 @@ import ( "novamd/internal/models" ) -func ListWorkspaces(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) ListWorkspaces(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, err := getUserID(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - workspaces, err := db.GetWorkspacesByUserID(userID) + workspaces, err := db.GetWorkspacesByUserID(ctx.UserID) if err != nil { http.Error(w, "Failed to list workspaces", http.StatusInternalServerError) return @@ -27,11 +26,10 @@ func ListWorkspaces(db *db.DB) http.HandlerFunc { } } -func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { +func (h *BaseHandler) CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, err := getUserID(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -41,7 +39,7 @@ func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return } - workspace.UserID = userID + workspace.UserID = ctx.UserID if err := db.CreateWorkspace(&workspace); err != nil { http.Error(w, "Failed to create workspace", http.StatusInternalServerError) return @@ -56,34 +54,37 @@ func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { } } -func GetWorkspace(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) GetWorkspace(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - workspace, err := db.GetWorkspaceByID(workspaceID) - if err != nil { - http.Error(w, "Workspace not found", http.StatusNotFound) - return - } - - if workspace.UserID != userID { - http.Error(w, "Unauthorized access to workspace", http.StatusForbidden) - return - } - - respondJSON(w, workspace) + respondJSON(w, ctx.Workspace) } } -func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { +func gitSettingsChanged(new, old *models.Workspace) bool { + // Check if Git was enabled/disabled + if new.GitEnabled != old.GitEnabled { + return true + } + + // If Git is enabled, check if any settings changed + if new.GitEnabled { + return new.GitURL != old.GitURL || + new.GitUser != old.GitUser || + new.GitToken != old.GitToken + } + + return false +} + +func (h *BaseHandler) UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -94,8 +95,8 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { } // Set IDs from the request - workspace.ID = workspaceID - workspace.UserID = userID + workspace.ID = ctx.Workspace.ID + workspace.UserID = ctx.UserID // Validate the workspace if err := workspace.Validate(); err != nil { @@ -103,31 +104,22 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { return } - // Get current workspace for comparison - currentWorkspace, err := db.GetWorkspaceByID(workspaceID) - if err != nil { - http.Error(w, "Workspace not found", http.StatusNotFound) - return - } - - if currentWorkspace.UserID != userID { - http.Error(w, "Unauthorized access to workspace", http.StatusForbidden) - return - } - // Handle Git repository setup/teardown if Git settings changed - if workspace.GitEnabled != currentWorkspace.GitEnabled || - (workspace.GitEnabled && (workspace.GitURL != currentWorkspace.GitURL || - workspace.GitUser != currentWorkspace.GitUser || - workspace.GitToken != currentWorkspace.GitToken)) { + if gitSettingsChanged(&workspace, ctx.Workspace) { if workspace.GitEnabled { - err = fs.SetupGitRepo(userID, workspaceID, workspace.GitURL, workspace.GitUser, workspace.GitToken) - if err != nil { + if err := fs.SetupGitRepo( + ctx.UserID, + ctx.Workspace.ID, + workspace.GitURL, + workspace.GitUser, + workspace.GitToken, + ); err != nil { http.Error(w, "Failed to setup git repo: "+err.Error(), http.StatusInternalServerError) return } + } else { - fs.DisableGitRepo(userID, workspaceID) + fs.DisableGitRepo(ctx.UserID, ctx.Workspace.ID) } } @@ -140,16 +132,15 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc { } } -func DeleteWorkspace(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) DeleteWorkspace(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, workspaceID, err := getUserAndWorkspaceIDs(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } // Check if this is the user's last workspace - workspaces, err := db.GetWorkspacesByUserID(userID) + workspaces, err := db.GetWorkspacesByUserID(ctx.UserID) if err != nil { http.Error(w, "Failed to get workspaces", http.StatusInternalServerError) return @@ -163,7 +154,7 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc { // Find another workspace to set as last var nextWorkspaceID int for _, ws := range workspaces { - if ws.ID != workspaceID { + if ws.ID != ctx.Workspace.ID { nextWorkspaceID = ws.ID break } @@ -178,14 +169,14 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc { defer tx.Rollback() // Update last workspace ID first - err = db.UpdateLastWorkspaceTx(tx, userID, nextWorkspaceID) + err = db.UpdateLastWorkspaceTx(tx, ctx.UserID, nextWorkspaceID) if err != nil { http.Error(w, "Failed to update last workspace", http.StatusInternalServerError) return } // Delete the workspace - err = db.DeleteWorkspaceTx(tx, workspaceID) + err = db.DeleteWorkspaceTx(tx, ctx.Workspace.ID) if err != nil { http.Error(w, "Failed to delete workspace", http.StatusInternalServerError) return @@ -202,15 +193,14 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc { } } -func GetLastWorkspace(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) GetLastWorkspace(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, err := getUserID(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } - workspaceID, err := db.GetLastWorkspaceID(userID) + workspaceID, err := db.GetLastWorkspaceID(ctx.UserID) if err != nil { http.Error(w, "Failed to get last workspace", http.StatusInternalServerError) return @@ -220,11 +210,10 @@ func GetLastWorkspace(db *db.DB) http.HandlerFunc { } } -func UpdateLastWorkspace(db *db.DB) http.HandlerFunc { +func (h *BaseHandler) UpdateLastWorkspace(db *db.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - userID, err := getUserID(r) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) + ctx, ok := h.getContext(w, r) + if !ok { return } @@ -237,7 +226,7 @@ func UpdateLastWorkspace(db *db.DB) http.HandlerFunc { return } - if err := db.UpdateLastWorkspace(userID, requestBody.WorkspaceID); err != nil { + if err := db.UpdateLastWorkspace(ctx.UserID, requestBody.WorkspaceID); err != nil { http.Error(w, "Failed to update last workspace", http.StatusInternalServerError) return } diff --git a/backend/internal/auth/middleware.go b/backend/internal/auth/middleware.go index b73ed4e..ff41353 100644 --- a/backend/internal/auth/middleware.go +++ b/backend/internal/auth/middleware.go @@ -4,11 +4,7 @@ import ( "context" "fmt" "net/http" - "novamd/internal/db" - "strconv" "strings" - - "github.com/go-chi/chi/v5" ) type contextKey string @@ -96,27 +92,24 @@ func (m *Middleware) RequireRole(role string) func(http.Handler) http.Handler { } } -// RequireResourceOwnership ensures users can only access their own resources -func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler { +func (m *Middleware) RequireWorkspaceAccess(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Get requesting user from context (set by auth middleware) - claims, err := GetUserFromContext(r.Context()) - if err != nil { - http.Error(w, "Unauthorized", http.StatusUnauthorized) + // Get our handler context + ctx := context.GetHandlerContext(r) + if ctx == nil { + http.Error(w, "Internal server error", http.StatusInternalServerError) return } - // Get requested user ID from URL - userIDStr := chi.URLParam(r, "userId") - requestedUserID, err := strconv.Atoi(userIDStr) - if err != nil { - http.Error(w, "Invalid user ID", http.StatusBadRequest) + // If no workspace in context, allow the request (might be a non-workspace endpoint) + if ctx.Workspace == nil { + next.ServeHTTP(w, r) return } - // Allow if user is accessing their own resources or is an admin - if claims.UserID != requestedUserID && claims.Role != "admin" { - http.Error(w, "Forbidden", http.StatusForbidden) + // Check if user has access (either owner or admin) + if ctx.Workspace.UserID != ctx.UserID && ctx.UserRole != "admin" { + http.Error(w, "Not Found", http.StatusNotFound) return } @@ -124,52 +117,6 @@ func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler { }) } -// RequireWorkspaceOwnership ensures users can only access workspaces they own -type WorkspaceGetter interface { - GetWorkspaceByID(id int) (*Workspace, error) -} - -type Workspace struct { - ID int - UserID int -} - -// RequireWorkspaceOwnership ensures users can only access workspaces they own -func (m *Middleware) RequireWorkspaceOwnership(db *db.DB) func(http.Handler) http.Handler { - return func(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Get requesting user from context - claims, err := GetUserFromContext(r.Context()) - if err != nil { - http.Error(w, "Unauthorized", http.StatusUnauthorized) - return - } - - // Get workspace ID from URL - workspaceID, err := strconv.Atoi(chi.URLParam(r, "workspaceId")) - if err != nil { - http.Error(w, "Invalid workspace ID", http.StatusBadRequest) - return - } - - // Get workspace from database - workspace, err := db.GetWorkspaceByID(workspaceID) - if err != nil { - http.Error(w, "Workspace not found", http.StatusNotFound) - return - } - - // Check if user owns the workspace or is admin - if workspace.UserID != claims.UserID && claims.Role != "admin" { - http.Error(w, "Forbidden", http.StatusForbidden) - return - } - - next.ServeHTTP(w, r) - }) - } -} - // GetUserFromContext retrieves user claims from the request context func GetUserFromContext(ctx context.Context) (*UserClaims, error) { claims, ok := ctx.Value(UserContextKey).(UserClaims) diff --git a/backend/internal/db/workspaces.go b/backend/internal/db/workspaces.go index 15944ec..d339075 100644 --- a/backend/internal/db/workspaces.go +++ b/backend/internal/db/workspaces.go @@ -72,6 +72,38 @@ func (db *DB) GetWorkspaceByID(id int) (*models.Workspace, error) { return workspace, nil } +func (db *DB) GetWorkspaceByName(userID int, workspaceName string) (*models.Workspace, error) { + workspace := &models.Workspace{} + var encryptedToken string + + err := db.QueryRow(` + SELECT + id, user_id, name, created_at, + theme, auto_save, + git_enabled, git_url, git_user, git_token, + git_auto_commit, git_commit_msg_template + FROM workspaces + WHERE user_id = ? AND name = ?`, + userID, workspaceName, + ).Scan( + &workspace.ID, &workspace.UserID, &workspace.Name, &workspace.CreatedAt, + &workspace.Theme, &workspace.AutoSave, + &workspace.GitEnabled, &workspace.GitURL, &workspace.GitUser, &encryptedToken, + &workspace.GitAutoCommit, &workspace.GitCommitMsgTemplate, + ) + if err != nil { + return nil, err + } + + // Decrypt token + workspace.GitToken, err = db.decryptToken(encryptedToken) + if err != nil { + return nil, fmt.Errorf("failed to decrypt token: %w", err) + } + + return workspace, nil +} + func (db *DB) UpdateWorkspace(workspace *models.Workspace) error { // Encrypt token before storing encryptedToken, err := db.encryptToken(workspace.GitToken)