Reorganize handlers

backend/internal/auth/middleware.go

@@ -4,11 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"novamd/internal/db"
-	"strconv"
 	"strings"
-
-	"github.com/go-chi/chi/v5"
 )
 
 type contextKey string
@@ -96,27 +92,24 @@ func (m *Middleware) RequireRole(role string) func(http.Handler) http.Handler {
 	}
 }
 
-// RequireResourceOwnership ensures users can only access their own resources
-func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler {
+func (m *Middleware) RequireWorkspaceAccess(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// Get requesting user from context (set by auth middleware)
-		claims, err := GetUserFromContext(r.Context())
-		if err != nil {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		// Get our handler context
+		ctx := context.GetHandlerContext(r)
+		if ctx == nil {
+			http.Error(w, "Internal server error", http.StatusInternalServerError)
 			return
 		}
 
-		// Get requested user ID from URL
-		userIDStr := chi.URLParam(r, "userId")
-		requestedUserID, err := strconv.Atoi(userIDStr)
-		if err != nil {
-			http.Error(w, "Invalid user ID", http.StatusBadRequest)
+		// If no workspace in context, allow the request (might be a non-workspace endpoint)
+		if ctx.Workspace == nil {
+			next.ServeHTTP(w, r)
 			return
 		}
 
-		// Allow if user is accessing their own resources or is an admin
-		if claims.UserID != requestedUserID && claims.Role != "admin" {
-			http.Error(w, "Forbidden", http.StatusForbidden)
+		// Check if user has access (either owner or admin)
+		if ctx.Workspace.UserID != ctx.UserID && ctx.UserRole != "admin" {
+			http.Error(w, "Not Found", http.StatusNotFound)
 			return
 		}
 
@@ -124,52 +117,6 @@ func (m *Middleware) RequireResourceOwnership(next http.Handler) http.Handler {
 	})
 }
 
-// RequireWorkspaceOwnership ensures users can only access workspaces they own
-type WorkspaceGetter interface {
-	GetWorkspaceByID(id int) (*Workspace, error)
-}
-
-type Workspace struct {
-	ID     int
-	UserID int
-}
-
-// RequireWorkspaceOwnership ensures users can only access workspaces they own
-func (m *Middleware) RequireWorkspaceOwnership(db *db.DB) func(http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			// Get requesting user from context
-			claims, err := GetUserFromContext(r.Context())
-			if err != nil {
-				http.Error(w, "Unauthorized", http.StatusUnauthorized)
-				return
-			}
-
-			// Get workspace ID from URL
-			workspaceID, err := strconv.Atoi(chi.URLParam(r, "workspaceId"))
-			if err != nil {
-				http.Error(w, "Invalid workspace ID", http.StatusBadRequest)
-				return
-			}
-
-			// Get workspace from database
-			workspace, err := db.GetWorkspaceByID(workspaceID)
-			if err != nil {
-				http.Error(w, "Workspace not found", http.StatusNotFound)
-				return
-			}
-
-			// Check if user owns the workspace or is admin
-			if workspace.UserID != claims.UserID && claims.Role != "admin" {
-				http.Error(w, "Forbidden", http.StatusForbidden)
-				return
-			}
-
-			next.ServeHTTP(w, r)
-		})
-	}
-}
-
 // GetUserFromContext retrieves user claims from the request context
 func GetUserFromContext(ctx context.Context) (*UserClaims, error) {
 	claims, ok := ctx.Value(UserContextKey).(UserClaims)