admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
68a4c28d6895534976348633eabb7f22143f7022
honeyDueAPI/internal/middleware/admin_auth.go
Trey t eb127fda20 Add real-time log monitoring and system stats dashboard 
Implements a comprehensive monitoring system for the admin interface:

Backend:
- New monitoring package with Redis ring buffer for log storage
- Zerolog MultiWriter to capture logs to Redis
- System stats collection (CPU, memory, disk, goroutines, GC)
- HTTP metrics middleware (request counts, latency, error rates)
- Asynq queue stats for worker process
- WebSocket endpoint for real-time log streaming
- Admin auth middleware now accepts token in query params (for WebSocket)

Frontend:
- New monitoring page with tabs (Overview, Logs, API Stats, Worker Stats)
- Real-time log viewer with level filtering and search
- System stats cards showing CPU, memory, goroutines, uptime
- HTTP endpoint statistics table
- Asynq queue depth visualization
- Enable/disable monitoring toggle in settings

Memory safeguards:
- Max 200 unique endpoints tracked
- Hourly stats reset to prevent unbounded growth
- Max 1000 log entries in ring buffer
- Max 1000 latency samples for P95 calculation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-09 10:26:40 -06:00

136 lines
3.7 KiB
Go
Raw Blame History

package middleware
import (
"errors"
"net/http"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
)
const (
// AdminUserKey is the context key for the authenticated admin user
AdminUserKey = "admin_user"
// AdminClaimsKey is the context key for JWT claims
AdminClaimsKey = "admin_claims"
)
// AdminClaims represents the JWT claims for admin authentication
type AdminClaims struct {
AdminID uint `json:"admin_id"`
Email string `json:"email"`
Role models.AdminRole `json:"role"`
jwt.RegisteredClaims
}
// AdminAuthMiddleware creates a middleware that validates admin JWT tokens
func AdminAuthMiddleware(cfg *config.Config, adminRepo *repositories.AdminRepository) gin.HandlerFunc {
return func(c *gin.Context) {
var tokenString string
// Get token from Authorization header
authHeader := c.GetHeader("Authorization")
if authHeader != "" {
// Check Bearer prefix
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" {
tokenString = parts[1]
}
}
// If no header token, check query parameter (for WebSocket connections)
if tokenString == "" {
tokenString = c.Query("token")
}
if tokenString == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Authorization required"})
return
}
// Parse and validate token
claims := &AdminClaims{}
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
// Validate signing method
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, errors.New("invalid signing method")
}
return []byte(cfg.Security.SecretKey), nil
})
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
return
}
if !token.Valid {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Token is not valid"})
return
}
// Get admin user from database
admin, err := adminRepo.FindByID(claims.AdminID)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin user not found"})
return
}
// Check if admin is active
if !admin.IsActive {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin account is disabled"})
return
}
// Store admin and claims in context
c.Set(AdminUserKey, admin)
c.Set(AdminClaimsKey, claims)
c.Next()
}
}
// GenerateAdminToken creates a new JWT token for an admin user
func GenerateAdminToken(admin *models.AdminUser, cfg *config.Config) (string, error) {
// Token expires in 24 hours
expirationTime := time.Now().Add(24 * time.Hour)
claims := &AdminClaims{
AdminID: admin.ID,
Email: admin.Email,
Role: admin.Role,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(expirationTime),
IssuedAt: jwt.NewNumericDate(time.Now()),
Subject: admin.Email,
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(cfg.Security.SecretKey))
}
// RequireSuperAdmin middleware requires the admin to have super_admin role
func RequireSuperAdmin() gin.HandlerFunc {
return func(c *gin.Context) {
admin, exists := c.Get(AdminUserKey)
if !exists {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Admin authentication required"})
return
}
adminUser := admin.(*models.AdminUser)
if !adminUser.IsSuperAdmin() {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Super admin privileges required"})
return
}
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink