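package middleware

import (
	"database/sql"
	"errors"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"

	"aimodels-prices/models"
)

// abortWithError writes a JSON body {"error": msg} with the given status and
// stops the handler chain. Every middleware in this file fails through it so
// the error response shape stays uniform.
func abortWithError(c *gin.Context, status int, msg string) {
	c.JSON(status, gin.H{"error": msg})
	c.Abort()
}

// requireAdmin enforces the admin role on the *models.User stored under the
// "user" context key (set by AuthRequired). notLoggedIn is the 401 message
// used when no user is stored at all; a stored value of another type, or a
// user whose Role is not "admin", gets 403. On success the chain continues.
func requireAdmin(c *gin.Context, notLoggedIn string) {
	v, exists := c.Get("user")
	if !exists {
		abortWithError(c, http.StatusUnauthorized, notLoggedIn)
		return
	}
	if u, ok := v.(*models.User); !ok || u.Role != "admin" {
		abortWithError(c, http.StatusForbidden, "Admin access required")
		return
	}
	c.Next()
}

// AuthRequired resolves the "session" cookie against the session table and,
// on success, stores the owning *models.User under the "user" context key for
// downstream handlers. It expects a *sql.DB under the "db" context key.
//
// Responses: 401 when the cookie is missing, the session is unknown, revoked
// or expired; 500 when the database handle is missing, the lookup fails for a
// reason other than "no rows", or the user cannot be loaded.
func AuthRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		cookie, err := c.Cookie("session")
		if err != nil {
			abortWithError(c, http.StatusUnauthorized, "Not logged in")
			return
		}

		// A missing or mistyped handle is a wiring bug: answer 500 rather
		// than letting MustGet panic inside the request.
		dbVal, exists := c.Get("db")
		db, ok := dbVal.(*sql.DB)
		if !exists || !ok {
			abortWithError(c, http.StatusInternalServerError, "Database unavailable")
			return
		}

		// The cookie value is bound as a query parameter, never interpolated.
		// deleted_at IS NULL excludes soft-deleted sessions: the column was
		// previously selected but never checked, so a revoked session still
		// authenticated. NOTE(review): assumes a non-NULL deleted_at marks a
		// revoked session — confirm against the models package.
		var session models.Session
		err = db.QueryRow(
			"SELECT id, user_id, expires_at, created_at, updated_at, deleted_at FROM session WHERE id = ? AND deleted_at IS NULL",
			cookie,
		).Scan(
			&session.ID,
			&session.UserID,
			&session.ExpiresAt,
			&session.CreatedAt,
			&session.UpdatedAt,
			&session.DeletedAt,
		)
		switch {
		case errors.Is(err, sql.ErrNoRows):
			abortWithError(c, http.StatusUnauthorized, "Invalid session")
			return
		case err != nil:
			// Any other error is a database fault, not a bad credential;
			// do not report it as an authentication failure.
			abortWithError(c, http.StatusInternalServerError, "Failed to look up session")
			return
		}

		if session.ExpiresAt.Before(time.Now()) {
			abortWithError(c, http.StatusUnauthorized, "Session expired")
			return
		}

		user, err := session.GetUser(db)
		if err != nil {
			abortWithError(c, http.StatusInternalServerError, "Failed to get user")
			return
		}

		c.Set("user", user)
		c.Next()
	}
}

// AdminRequired allows the request through only when AuthRequired has stored
// a *models.User with Role "admin". It answers 401 "Not logged in" when no
// user is stored and 403 otherwise. It is equivalent to RequireAdmin except
// for the wording of the 401 message.
func AdminRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		requireAdmin(c, "Not logged in")
	}
}

// RequireAuth allows the request through only when some value is stored under
// the "user" context key; it does not inspect the value's type. Missing user
// yields 401.
func RequireAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		if _, exists := c.Get("user"); !exists {
			abortWithError(c, http.StatusUnauthorized, "Authentication required")
			return
		}
		c.Next()
	}
}

// RequireAdmin allows the request through only when AuthRequired has stored a
// *models.User with Role "admin". It answers 401 "Authentication required"
// when no user is stored and 403 otherwise. It is equivalent to AdminRequired
// except for the wording of the 401 message.
func RequireAdmin() gin.HandlerFunc {
	return func(c *gin.Context) {
		requireAdmin(c, "Authentication required")
	}
}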