feat: move auth split into seperate function (#14)

* feat: move auth split into seperate function * feat: fmt and go mod tidy
logan-bobo · Jul 5, 2024 · 141f7bc · 141f7bc
1 parent 9ec40b3
commit 141f7bc
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 40 deletions.
diff --git a/go.mod b/go.mod
@@ -2,12 +2,14 @@ module url-short
 
 go 1.22.4
 
+require (
+	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/lib/pq v1.10.9
+	github.com/redis/go-redis/v9 v9.5.3
+	golang.org/x/crypto v0.24.0
+)
+
 require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
-	github.com/lib/pq v1.10.9 // indirect
-	github.com/redis/go-redis/v9 v9.5.3 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,9 +1,11 @@
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=

diff --git a/handlers.go b/handlers.go
@@ -11,7 +11,6 @@ import (
 	"net/mail"
 	"net/url"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -400,27 +399,13 @@ func (apiCfg *apiConfig) putAPIUsers(w http.ResponseWriter, r *http.Request, use
 }
 
 func (apiCfg *apiConfig) postAPIRefresh(w http.ResponseWriter, r *http.Request) {
-	// We handle the Auth header in two places if we do this a third time pull this out into a general Auth header
-	// processing function
-	authHeader := r.Header.Get("Authorization")
+	requestToken, err := extractAuthTokenFromRequest(r)
 
-	if authHeader == "" {
-		respondWithError(w, http.StatusBadRequest, "no auth header supplied")
+	if err != nil {
+		respondWithError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 
-	splitAuth := strings.Split(authHeader, " ")
-
-	if len(splitAuth) == 0 {
-		respondWithError(w, http.StatusBadRequest, "empty auth header")
-	}
-
-	if len(splitAuth) != 2 && splitAuth[0] != "Bearer" {
-		respondWithError(w, http.StatusBadRequest, "invalid paremeters")
-	}
-
-	requestToken := splitAuth[1]
-
 	user, err := apiCfg.DB.SelectUserByRefreshToken(r.Context(), sql.NullString{String: requestToken, Valid: true})
 
 	if err != nil {

diff --git a/middleware.go b/middleware.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"errors"
 	"log"
 	"net/http"
 	"strconv"
@@ -10,29 +11,37 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
+func extractAuthTokenFromRequest(r *http.Request) (string, error) {
+	authHeader := r.Header.Get("Authorization")
+
+	if authHeader == "" {
+		return "", errors.New("no authorization header supplied")
+	}
+
+	splitAuth := strings.Split(authHeader, " ")
+
+	if len(splitAuth) == 0 {
+		return "", errors.New("empty authorization header")
+	}
+
+	if len(splitAuth) != 2 && splitAuth[0] != "Bearer" {
+		return "", errors.New("invalid data in authorization header")
+	}
+
+	return splitAuth[1], nil
+}
+
 type authedHandeler func(http.ResponseWriter, *http.Request, database.User)
 
 func (apiCfg *apiConfig) authenticationMiddleware(handler authedHandeler) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		authHeader := r.Header.Get("Authorization")
+		requestToken, err := extractAuthTokenFromRequest(r)
 
-		if authHeader == "" {
-			respondWithError(w, http.StatusBadRequest, "no auth header supplied")
+		if err != nil {
+			respondWithError(w, http.StatusUnauthorized, err.Error())
 			return
 		}
 
-		splitAuth := strings.Split(authHeader, " ")
-
-		if len(splitAuth) == 0 {
-			respondWithError(w, http.StatusBadRequest, "empty auth header")
-		}
-
-		if len(splitAuth) != 2 && splitAuth[0] != "Bearer" {
-			respondWithError(w, http.StatusBadRequest, "invalid paremeters")
-		}
-
-		requestToken := splitAuth[1]
-
 		claims := jwt.RegisteredClaims{}
 
 		token, err := jwt.ParseWithClaims(