Reorganize handlers

backend/internal/api/auth_handlers.go

@@ -127,17 +127,15 @@ func RefreshToken(authService *auth.SessionService) http.HandlerFunc {
 }
 
 // GetCurrentUser returns the currently authenticated user
-func GetCurrentUser(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) GetCurrentUser(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		// Get user claims from context (set by auth middleware)
-		claims, err := auth.GetUserFromContext(r.Context())
-		if err != nil {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
 		// Get user from database
-		user, err := db.GetUserByID(claims.UserID)
+		user, err := db.GetUserByID(ctx.UserID)
 		if err != nil {
 			http.Error(w, "User not found", http.StatusNotFound)
 			return

backend/internal/api/context.go

@@ -0,0 +1,85 @@
+// api/context.go
+package api
+
+import (
+	"context"
+	"net/http"
+	"novamd/internal/auth"
+	"novamd/internal/db"
+	"novamd/internal/filesystem"
+	"novamd/internal/models"
+
+	"github.com/go-chi/chi/v5"
+)
+
+type HandlerContext struct {
+	UserID    int
+	UserRole  string
+	Workspace *models.Workspace
+}
+
+type contextKey string
+
+const handlerContextKey contextKey = "handlerContext"
+
+// Middleware to populate handler context
+func WithHandlerContext(db *db.DB) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// Get user claims from auth context
+			claims, err := auth.GetUserFromContext(r.Context())
+			if err != nil {
+				http.Error(w, "Unauthorized", http.StatusUnauthorized)
+				return
+			}
+
+			// Get workspace name from URL if it exists
+			workspaceName := chi.URLParam(r, "workspaceName")
+
+			var workspace *models.Workspace
+			// Only look up workspace if name is provided
+			if workspaceName != "" {
+				workspace, err = db.GetWorkspaceByName(claims.UserID, workspaceName)
+				if err != nil {
+					http.Error(w, "Workspace not found", http.StatusNotFound)
+					return
+				}
+			}
+
+			// Create handler context
+			ctx := &HandlerContext{
+				UserID:    claims.UserID,
+				UserRole:  claims.Role,
+				Workspace: workspace,
+			}
+
+			// Add to request context
+			reqCtx := context.WithValue(r.Context(), handlerContextKey, ctx)
+			next.ServeHTTP(w, r.WithContext(reqCtx))
+		})
+	}
+}
+
+// Helper function to get handler context
+func GetHandlerContext(r *http.Request) *HandlerContext {
+	ctx := r.Context().Value(handlerContextKey)
+	if ctx == nil {
+		return nil
+	}
+	return ctx.(*HandlerContext)
+}
+
+type BaseHandler struct {
+	DB *db.DB
+	FS *filesystem.FileSystem
+}
+
+// Helper method to get context and handle errors
+func (h *BaseHandler) getContext(w http.ResponseWriter, r *http.Request) (*HandlerContext, bool) {
+	ctx := GetHandlerContext(r)
+	if ctx == nil {
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return nil, false
+	}
+	return ctx, true
+}

backend/internal/api/file_handlers.go

@@ -11,15 +11,14 @@ import (
 	"github.com/go-chi/chi/v5"
 )
 
-func ListFiles(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) ListFiles(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		files, err := fs.ListFilesRecursively(userID, workspaceID)
+		files, err := fs.ListFilesRecursively(ctx.UserID, ctx.Workspace.ID)
 		if err != nil {
 			http.Error(w, "Failed to list files", http.StatusInternalServerError)
 			return
@@ -29,11 +28,10 @@ func ListFiles(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -43,7 +41,7 @@ func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc {
 			return
 		}
 
-		filePaths, err := fs.FindFileByName(userID, workspaceID, filename)
+		filePaths, err := fs.FindFileByName(ctx.UserID, ctx.Workspace.ID, filename)
 		if err != nil {
 			http.Error(w, "File not found", http.StatusNotFound)
 			return
@@ -53,16 +51,15 @@ func LookupFileByName(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
 		filePath := chi.URLParam(r, "*")
-		content, err := fs.GetFileContent(userID, workspaceID, filePath)
+		content, err := fs.GetFileContent(ctx.UserID, ctx.Workspace.ID, filePath)
 		if err != nil {
 			http.Error(w, "Failed to read file", http.StatusNotFound)
 			return
@@ -73,11 +70,10 @@ func GetFileContent(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) SaveFile(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -88,7 +84,7 @@ func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc {
 			return
 		}
 
-		err = fs.SaveFile(userID, workspaceID, filePath, content)
+		err = fs.SaveFile(ctx.UserID, ctx.Workspace.ID, filePath, content)
 		if err != nil {
 			http.Error(w, "Failed to save file", http.StatusInternalServerError)
 			return
@@ -98,16 +94,15 @@ func SaveFile(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
 		filePath := chi.URLParam(r, "*")
-		err = fs.DeleteFile(userID, workspaceID, filePath)
+		err := fs.DeleteFile(ctx.UserID, ctx.Workspace.ID, filePath)
 		if err != nil {
 			http.Error(w, "Failed to delete file", http.StatusInternalServerError)
 			return
@@ -118,29 +113,32 @@ func DeleteFile(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func GetLastOpenedFile(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) GetLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		_, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		filePath, err := db.GetLastOpenedFile(workspaceID)
+		filePath, err := db.GetLastOpenedFile(ctx.Workspace.ID)
 		if err != nil {
 			http.Error(w, "Failed to get last opened file", http.StatusInternalServerError)
 			return
 		}
 
+		if _, err := fs.ValidatePath(ctx.UserID, ctx.Workspace.ID, filePath); err != nil {
+			http.Error(w, "Invalid file path", http.StatusBadRequest)
+			return
+		}
+
 		respondJSON(w, map[string]string{"lastOpenedFilePath": filePath})
 	}
 }
 
-func UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -155,13 +153,13 @@ func UpdateLastOpenedFile(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc
 
 		// Validate the file path exists in the workspace
 		if requestBody.FilePath != "" {
-			if _, err := fs.ValidatePath(userID, workspaceID, requestBody.FilePath); err != nil {
+			if _, err := fs.ValidatePath(ctx.UserID, ctx.Workspace.ID, requestBody.FilePath); err != nil {
 				http.Error(w, "Invalid file path", http.StatusBadRequest)
 				return
 			}
 		}
 
-		if err := db.UpdateLastOpenedFile(workspaceID, requestBody.FilePath); err != nil {
+		if err := db.UpdateLastOpenedFile(ctx.Workspace.ID, requestBody.FilePath); err != nil {
 			http.Error(w, "Failed to update last opened file", http.StatusInternalServerError)
 			return
 		}

backend/internal/api/git_handlers.go

@@ -7,11 +7,10 @@ import (
 	"novamd/internal/filesystem"
 )
 
-func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -29,7 +28,7 @@ func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc {
 			return
 		}
 
-		err = fs.StageCommitAndPush(userID, workspaceID, requestBody.Message)
+		err := fs.StageCommitAndPush(ctx.UserID, ctx.Workspace.ID, requestBody.Message)
 		if err != nil {
 			http.Error(w, "Failed to stage, commit, and push changes: "+err.Error(), http.StatusInternalServerError)
 			return
@@ -39,15 +38,14 @@ func StageCommitAndPush(fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func PullChanges(fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) PullChanges(fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		err = fs.Pull(userID, workspaceID)
+		err := fs.Pull(ctx.UserID, ctx.Workspace.ID)
 		if err != nil {
 			http.Error(w, "Failed to pull changes: "+err.Error(), http.StatusInternalServerError)
 			return

backend/internal/api/handler_utils.go

@@ -9,24 +9,14 @@ import (
 	"github.com/go-chi/chi/v5"
 )
 
-func getUserID(r *http.Request) (int, error) {
-	userIDStr := chi.URLParam(r, "userId")
-	return strconv.Atoi(userIDStr)
-}
-
-func getUserAndWorkspaceIDs(r *http.Request) (int, int, error) {
-	userID, err := getUserID(r)
-	if err != nil {
-		return 0, 0, errors.New("invalid userId")
-	}
-
+func getWorkspaceID(r *http.Request) (int, error) {
 	workspaceIDStr := chi.URLParam(r, "workspaceId")
 	workspaceID, err := strconv.Atoi(workspaceIDStr)
 	if err != nil {
-		return userID, 0, errors.New("invalid workspaceId")
+		return 0, errors.New("invalid workspaceId")
 	}
 
-	return userID, workspaceID, nil
+	return workspaceID, nil
 }
 
 func respondJSON(w http.ResponseWriter, data interface{}) {

backend/internal/api/routes.go

@@ -9,6 +9,12 @@ import (
 )
 
 func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddleware *auth.Middleware, sessionService *auth.SessionService) {
+
+	handler := &BaseHandler{
+		DB: db,
+		FS: fs,
+	}
+
 	// Public routes (no authentication required)
 	r.Group(func(r chi.Router) {
 		r.Post("/auth/login", Login(sessionService, db))
@@ -19,59 +25,51 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddlew
 	r.Group(func(r chi.Router) {
 		// Apply authentication middleware to all routes in this group
 		r.Use(authMiddleware.Authenticate)
+		r.Use(WithHandlerContext(db))
 
 		// Auth routes
 		r.Post("/auth/logout", Logout(sessionService))
-		r.Get("/auth/me", GetCurrentUser(db))
+		r.Get("/auth/me", handler.GetCurrentUser(db))
 
 		// Admin-only routes
 		r.Group(func(r chi.Router) {
 			r.Use(authMiddleware.RequireRole("admin"))
-
-			// TODO: Implement
 			// r.Get("/admin/users", ListUsers(db))
 			// r.Post("/admin/users", CreateUser(db))
 			// r.Delete("/admin/users/{userId}", DeleteUser(db))
 		})
 
-		// User routes - protected by resource ownership
-		r.Route("/users/{userId}", func(r chi.Router) {
-			r.Use(authMiddleware.RequireResourceOwnership)
+		// Workspace routes
+		r.Route("/workspaces", func(r chi.Router) {
+			r.Get("/", handler.ListWorkspaces(db))
+			r.Post("/", handler.CreateWorkspace(db, fs))
+			r.Get("/last", handler.GetLastWorkspace(db))
+			r.Put("/last", handler.UpdateLastWorkspace(db))
 
-			r.Get("/", GetUser(db))
+			// Single workspace routes
+			r.Route("/{workspaceId}", func(r chi.Router) {
+				r.Use(authMiddleware.RequireWorkspaceOwnership(db))
 
-			// Workspace routes
-			r.Route("/workspaces", func(r chi.Router) {
-				r.Get("/", ListWorkspaces(db))
-				r.Post("/", CreateWorkspace(db, fs))
-				r.Get("/last", GetLastWorkspace(db))
-				r.Put("/last", UpdateLastWorkspace(db))
+				r.Get("/", handler.GetWorkspace(db))
+				r.Put("/", handler.UpdateWorkspace(db, fs))
+				r.Delete("/", handler.DeleteWorkspace(db))
 
-				r.Route("/{workspaceId}", func(r chi.Router) {
-					// Add workspace ownership check
-					r.Use(authMiddleware.RequireWorkspaceOwnership(db))
+				// File routes
+				r.Route("/files", func(r chi.Router) {
+					r.Get("/", handler.ListFiles(fs))
+					r.Get("/last", handler.GetLastOpenedFile(db, fs))
+					r.Put("/last", handler.UpdateLastOpenedFile(db, fs))
+					r.Get("/lookup", handler.LookupFileByName(fs))
 
-					r.Get("/", GetWorkspace(db))
-					r.Put("/", UpdateWorkspace(db, fs))
-					r.Delete("/", DeleteWorkspace(db))
+					r.Post("/*", handler.SaveFile(fs))
+					r.Get("/*", handler.GetFileContent(fs))
+					r.Delete("/*", handler.DeleteFile(fs))
+				})
 
-					// File routes
-					r.Route("/files", func(r chi.Router) {
-						r.Get("/", ListFiles(fs))
-						r.Get("/last", GetLastOpenedFile(db))
-						r.Put("/last", UpdateLastOpenedFile(db, fs))
-						r.Get("/lookup", LookupFileByName(fs))
-
-						r.Post("/*", SaveFile(fs))
-						r.Get("/*", GetFileContent(fs))
-						r.Delete("/*", DeleteFile(fs))
-					})
-
-					// Git routes
-					r.Route("/git", func(r chi.Router) {
-						r.Post("/commit", StageCommitAndPush(fs))
-						r.Post("/pull", PullChanges(fs))
-					})
+				// Git routes
+				r.Route("/git", func(r chi.Router) {
+					r.Post("/commit", handler.StageCommitAndPush(fs))
+					r.Post("/pull", handler.PullChanges(fs))
 				})
 			})
 		})

backend/internal/api/user_handlers.go

@@ -6,15 +6,14 @@ import (
 	"novamd/internal/db"
 )
 
-func GetUser(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) GetUser(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, err := getUserID(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		user, err := db.GetUserByID(userID)
+		user, err := db.GetUserByID(ctx.UserID)
 		if err != nil {
 			http.Error(w, "Failed to get user", http.StatusInternalServerError)
 			return

backend/internal/api/workspace_handlers.go

@@ -9,15 +9,14 @@ import (
 	"novamd/internal/models"
 )
 
-func ListWorkspaces(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) ListWorkspaces(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, err := getUserID(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		workspaces, err := db.GetWorkspacesByUserID(userID)
+		workspaces, err := db.GetWorkspacesByUserID(ctx.UserID)
 		if err != nil {
 			http.Error(w, "Failed to list workspaces", http.StatusInternalServerError)
 			return
@@ -27,11 +26,10 @@ func ListWorkspaces(db *db.DB) http.HandlerFunc {
 	}
 }
 
-func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
+func (h *BaseHandler) CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, err := getUserID(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -41,7 +39,7 @@ func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 			return
 		}
 
-		workspace.UserID = userID
+		workspace.UserID = ctx.UserID
 		if err := db.CreateWorkspace(&workspace); err != nil {
 			http.Error(w, "Failed to create workspace", http.StatusInternalServerError)
 			return
@@ -56,34 +54,37 @@ func CreateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func GetWorkspace(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) GetWorkspace(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		workspace, err := db.GetWorkspaceByID(workspaceID)
-		if err != nil {
-			http.Error(w, "Workspace not found", http.StatusNotFound)
-			return
-		}
-
-		if workspace.UserID != userID {
-			http.Error(w, "Unauthorized access to workspace", http.StatusForbidden)
-			return
-		}
-
-		respondJSON(w, workspace)
+		respondJSON(w, ctx.Workspace)
 	}
 }
 
-func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
+func gitSettingsChanged(new, old *models.Workspace) bool {
+	// Check if Git was enabled/disabled
+	if new.GitEnabled != old.GitEnabled {
+		return true
+	}
+
+	// If Git is enabled, check if any settings changed
+	if new.GitEnabled {
+		return new.GitURL != old.GitURL ||
+			new.GitUser != old.GitUser ||
+			new.GitToken != old.GitToken
+	}
+
+	return false
+}
+
+func (h *BaseHandler) UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -94,8 +95,8 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 		}
 
 		// Set IDs from the request
-		workspace.ID = workspaceID
-		workspace.UserID = userID
+		workspace.ID = ctx.Workspace.ID
+		workspace.UserID = ctx.UserID
 
 		// Validate the workspace
 		if err := workspace.Validate(); err != nil {
@@ -103,31 +104,22 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 			return
 		}
 
-		// Get current workspace for comparison
-		currentWorkspace, err := db.GetWorkspaceByID(workspaceID)
-		if err != nil {
-			http.Error(w, "Workspace not found", http.StatusNotFound)
-			return
-		}
-
-		if currentWorkspace.UserID != userID {
-			http.Error(w, "Unauthorized access to workspace", http.StatusForbidden)
-			return
-		}
-
 		// Handle Git repository setup/teardown if Git settings changed
-		if workspace.GitEnabled != currentWorkspace.GitEnabled ||
-			(workspace.GitEnabled && (workspace.GitURL != currentWorkspace.GitURL ||
-				workspace.GitUser != currentWorkspace.GitUser ||
-				workspace.GitToken != currentWorkspace.GitToken)) {
+		if gitSettingsChanged(&workspace, ctx.Workspace) {
 			if workspace.GitEnabled {
-				err = fs.SetupGitRepo(userID, workspaceID, workspace.GitURL, workspace.GitUser, workspace.GitToken)
-				if err != nil {
+				if err := fs.SetupGitRepo(
+					ctx.UserID,
+					ctx.Workspace.ID,
+					workspace.GitURL,
+					workspace.GitUser,
+					workspace.GitToken,
+				); err != nil {
 					http.Error(w, "Failed to setup git repo: "+err.Error(), http.StatusInternalServerError)
 					return
 				}
+
 			} else {
-				fs.DisableGitRepo(userID, workspaceID)
+				fs.DisableGitRepo(ctx.UserID, ctx.Workspace.ID)
 			}
 		}
 
@@ -140,16 +132,15 @@ func UpdateWorkspace(db *db.DB, fs *filesystem.FileSystem) http.HandlerFunc {
 	}
 }
 
-func DeleteWorkspace(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) DeleteWorkspace(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, workspaceID, err := getUserAndWorkspaceIDs(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
 		// Check if this is the user's last workspace
-		workspaces, err := db.GetWorkspacesByUserID(userID)
+		workspaces, err := db.GetWorkspacesByUserID(ctx.UserID)
 		if err != nil {
 			http.Error(w, "Failed to get workspaces", http.StatusInternalServerError)
 			return
@@ -163,7 +154,7 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc {
 		// Find another workspace to set as last
 		var nextWorkspaceID int
 		for _, ws := range workspaces {
-			if ws.ID != workspaceID {
+			if ws.ID != ctx.Workspace.ID {
 				nextWorkspaceID = ws.ID
 				break
 			}
@@ -178,14 +169,14 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc {
 		defer tx.Rollback()
 
 		// Update last workspace ID first
-		err = db.UpdateLastWorkspaceTx(tx, userID, nextWorkspaceID)
+		err = db.UpdateLastWorkspaceTx(tx, ctx.UserID, nextWorkspaceID)
 		if err != nil {
 			http.Error(w, "Failed to update last workspace", http.StatusInternalServerError)
 			return
 		}
 
 		// Delete the workspace
-		err = db.DeleteWorkspaceTx(tx, workspaceID)
+		err = db.DeleteWorkspaceTx(tx, ctx.Workspace.ID)
 		if err != nil {
 			http.Error(w, "Failed to delete workspace", http.StatusInternalServerError)
 			return
@@ -202,15 +193,14 @@ func DeleteWorkspace(db *db.DB) http.HandlerFunc {
 	}
 }
 
-func GetLastWorkspace(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) GetLastWorkspace(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, err := getUserID(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
-		workspaceID, err := db.GetLastWorkspaceID(userID)
+		workspaceID, err := db.GetLastWorkspaceID(ctx.UserID)
 		if err != nil {
 			http.Error(w, "Failed to get last workspace", http.StatusInternalServerError)
 			return
@@ -220,11 +210,10 @@ func GetLastWorkspace(db *db.DB) http.HandlerFunc {
 	}
 }
 
-func UpdateLastWorkspace(db *db.DB) http.HandlerFunc {
+func (h *BaseHandler) UpdateLastWorkspace(db *db.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userID, err := getUserID(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+		ctx, ok := h.getContext(w, r)
+		if !ok {
 			return
 		}
 
@@ -237,7 +226,7 @@ func UpdateLastWorkspace(db *db.DB) http.HandlerFunc {
 			return
 		}
 
-		if err := db.UpdateLastWorkspace(userID, requestBody.WorkspaceID); err != nil {
+		if err := db.UpdateLastWorkspace(ctx.UserID, requestBody.WorkspaceID); err != nil {
 			http.Error(w, "Failed to update last workspace", http.StatusInternalServerError)
 			return
 		}

backend/internal/auth/middleware.go

@@ -4,11 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"novamd/internal/db"
-	"strconv"
 	"strings"
-
-	"github.com/go-chi/chi/v5"
 )
 
 type contextKey string
@@ -96,27 +92,24 @@ func (m *Middleware) RequireRole(role string) func(http.Handler) http.Handler {
 	}
 }
 
-// RequireResourceOwnership ensures users can only access their own resources
-func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler {
+func (m *Middleware) RequireWorkspaceAccess(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// Get requesting user from context (set by auth middleware)
-		claims, err := GetUserFromContext(r.Context())
-		if err != nil {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		// Get our handler context
+		ctx := context.GetHandlerContext(r)
+		if ctx == nil {
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
 			return
 		}
 
-		// Get requested user ID from URL
-		userIDStr := chi.URLParam(r, "userId")
-		requestedUserID, err := strconv.Atoi(userIDStr)
-		if err != nil {
-			http.Error(w, "Invalid user ID", http.StatusBadRequest)
+		// If no workspace in context, allow the request (might be a non-workspace endpoint)
+		if ctx.Workspace == nil {
+			next.ServeHTTP(w, r)
 			return
 		}
 
-		// Allow if user is accessing their own resources or is an admin
-		if claims.UserID != requestedUserID && claims.Role != "admin" {
-			http.Error(w, "Forbidden", http.StatusForbidden)
+		// Check if user has access (either owner or admin)
+		if ctx.Workspace.UserID != ctx.UserID && ctx.UserRole != "admin" {
+			http.Error(w, "Not Found", http.StatusNotFound)
 			return
 		}
 
@@ -124,52 +117,6 @@ func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler {
 	})
 }
 
-// RequireWorkspaceOwnership ensures users can only access workspaces they own
-type WorkspaceGetter interface {
-	GetWorkspaceByID(id int) (*Workspace, error)
-}
-
-type Workspace struct {
-	ID     int
-	UserID int
-}
-
-// RequireWorkspaceOwnership ensures users can only access workspaces they own
-func (m *Middleware) RequireWorkspaceOwnership(db *db.DB) func(http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			// Get requesting user from context
-			claims, err := GetUserFromContext(r.Context())
-			if err != nil {
-				http.Error(w, "Unauthorized", http.StatusUnauthorized)
-				return
-			}
-
-			// Get workspace ID from URL
-			workspaceID, err := strconv.Atoi(chi.URLParam(r, "workspaceId"))
-			if err != nil {
-				http.Error(w, "Invalid workspace ID", http.StatusBadRequest)
-				return
-			}
-
-			// Get workspace from database
-			workspace, err := db.GetWorkspaceByID(workspaceID)
-			if err != nil {
-				http.Error(w, "Workspace not found", http.StatusNotFound)
-				return
-			}
-
-			// Check if user owns the workspace or is admin
-			if workspace.UserID != claims.UserID && claims.Role != "admin" {
-				http.Error(w, "Forbidden", http.StatusForbidden)
-				return
-			}
-
-			next.ServeHTTP(w, r)
-		})
-	}
-}
-
 // GetUserFromContext retrieves user claims from the request context
 func GetUserFromContext(ctx context.Context) (*UserClaims, error) {
 	claims, ok := ctx.Value(UserContextKey).(UserClaims)

backend/internal/db/workspaces.go

@@ -72,6 +72,38 @@ func (db *DB) GetWorkspaceByID(id int) (*models.Workspace, error) {
 	return workspace, nil
 }
 
+func (db *DB) GetWorkspaceByName(userID int, workspaceName string) (*models.Workspace, error) {
+	workspace := &models.Workspace{}
+	var encryptedToken string
+
+	err := db.QueryRow(`
+		SELECT 
+			id, user_id, name, created_at, 
+			theme, auto_save, 
+			git_enabled, git_url, git_user, git_token, 
+			git_auto_commit, git_commit_msg_template
+		FROM workspaces 
+		WHERE user_id = ? AND name = ?`,
+		userID, workspaceName,
+	).Scan(
+		&workspace.ID, &workspace.UserID, &workspace.Name, &workspace.CreatedAt,
+		&workspace.Theme, &workspace.AutoSave,
+		&workspace.GitEnabled, &workspace.GitURL, &workspace.GitUser, &encryptedToken,
+		&workspace.GitAutoCommit, &workspace.GitCommitMsgTemplate,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// Decrypt token
+	workspace.GitToken, err = db.decryptToken(encryptedToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decrypt token: %w", err)
+	}
+
+	return workspace, nil
+}
+
 func (db *DB) UpdateWorkspace(workspace *models.Workspace) error {
 	// Encrypt token before storing
 	encryptedToken, err := db.encryptToken(workspace.GitToken)