Check authentication from jwt on all routes

internal/jwtauth/jwt.go

@@ -1,15 +1,12 @@
 package jwtauth
 
 import (
-	"encoding/base64"
-	"os"
-
 	"github.com/golang-jwt/jwt/v5"
 )
 
 func GenerateJwtToken(username string) (string, error) {
 	var s string
-	key, err := base64.URLEncoding.DecodeString(os.Getenv(getKeyVariableName()))
+	key, err := GetJwtKey()
 	if err != nil {
 		return s, err
 	}

internal/jwtauth/key.go

@@ -37,3 +37,7 @@ func InitKey() error {
 	}
 	return err
 }
+
+func GetJwtKey() ([]byte, error) {
+	return base64.URLEncoding.DecodeString(os.Getenv(getKeyVariableName()))
+}

internal/middleware/auth.go

@@ -0,0 +1,52 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"git.artlef.fr/PersonalLibraryManager/internal/jwtauth"
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func Auth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		//do not check current user if we are creating an account or logging in
+		if strings.HasPrefix(c.FullPath(), "/auth") {
+			return
+		}
+
+		username, err := parseUserFromJwt(c)
+		if err != nil {
+			fmt.Println(err)
+			c.AbortWithStatusJSON(http.StatusUnauthorized,
+				gin.H{"error": "You must be logged in to access this resource."})
+		} else {
+			c.Set("user", username)
+		}
+	}
+}
+
+func parseUserFromJwt(c *gin.Context) (string, error) {
+
+	jwtokenStr := jwtFromBearerToken(c.GetHeader("Authorization"))
+	jwtoken, parseErr := jwt.Parse(jwtokenStr,
+		func(token *jwt.Token) (any, error) {
+			return jwtauth.GetJwtKey()
+		}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
+	if parseErr != nil {
+		return "", parseErr
+	}
+	return jwtoken.Claims.GetSubject()
+}
+
+func jwtFromBearerToken(bearerToken string) string {
+	splitToken := strings.Split(bearerToken, " ")
+	if len(splitToken) == 2 {
+		return splitToken[1]
+	} else {
+		return ""
+	}
+}