auth middleware integrated

Author: Thanus-Kumaar

controllers/llm_controller.go

@@ -4,6 +4,7 @@ import (
 	"io"
 	"net/http"
 
+	"github.com/Thanus-Kumaar/controller_microservice_v2/middleware"
 	"github.com/Thanus-Kumaar/controller_microservice_v2/modules"
 	"github.com/rs/zerolog"
 	"maps"
@@ -26,8 +27,13 @@ func NewLlmController(module *modules.LlmModule, logger zerolog.Logger) *LlmCont
 // GenerateNotebookHandler handles POST /api/v1/llm/generate
 func (c *LlmController) GenerateNotebookHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
-	resp, err := c.Module.GenerateNotebook(ctx, r.Body)
+	resp, err := c.Module.GenerateNotebook(ctx, r.Body, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("Failed to proxy generate request")
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -51,8 +57,13 @@ func (c *LlmController) GenerateNotebookHandler(w http.ResponseWriter, r *http.R
 func (c *LlmController) ModifyNotebookHandler(w http.ResponseWriter, r *http.Request) {
 	sessionID := r.PathValue("session_id")
 	ctx := r.Context()
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
-	resp, err := c.Module.ModifyNotebook(ctx, sessionID, r.Body)
+	resp, err := c.Module.ModifyNotebook(ctx, sessionID, r.Body, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msgf("Failed to proxy modify request for session %s", sessionID)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -72,8 +83,13 @@ func (c *LlmController) ModifyNotebookHandler(w http.ResponseWriter, r *http.Req
 func (c *LlmController) FixNotebookHandler(w http.ResponseWriter, r *http.Request) {
 	sessionID := r.PathValue("session_id")
 	ctx := r.Context()
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
-	resp, err := c.Module.FixNotebook(ctx, sessionID, r.Body)
+	resp, err := c.Module.FixNotebook(ctx, sessionID, r.Body, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msgf("Failed to proxy fix request for session %s", sessionID)
 		http.Error(w, err.Error(), http.StatusInternalServerError)

controllers/notebook_controller.go

@@ -52,8 +52,23 @@ func (c *NotebookController) ListNotebooksHandler(w http.ResponseWriter, r *http
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
-	// TODO: parse limit/offset/created_by/problem_statement_id from r.URL.Query()
-	nbs, err := c.NotebookModule.ListNotebooks(ctx, nil)
+	filters := make(map[string]string)
+	query := r.URL.Query()
+
+	if createdBy := query.Get("created_by"); createdBy != "" {
+		filters["created_by"] = createdBy
+	}
+	if problemStatementID := query.Get("problem_statement_id"); problemStatementID != "" {
+		filters["problem_statement_id"] = problemStatementID
+	}
+	if limit := query.Get("limit"); limit != "" {
+		filters["limit"] = limit
+	}
+	if offset := query.Get("offset"); offset != "" {
+		filters["offset"] = offset
+	}
+
+	nbs, err := c.NotebookModule.ListNotebooks(ctx, filters)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("failed to list notebooks")
 		http.Error(w, "error listing notebooks", http.StatusInternalServerError)

controllers/problem_controller.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/Thanus-Kumaar/controller_microservice_v2/middleware"
 	"github.com/Thanus-Kumaar/controller_microservice_v2/modules"
 	"github.com/Thanus-Kumaar/controller_microservice_v2/pkg"
 	"github.com/Thanus-Kumaar/controller_microservice_v2/pkg/models"
@@ -30,18 +31,21 @@ func NewProblemController(problemModule *modules.ProblemModule, logger zerolog.L
 
 // CreateProblemHandler handles POST /api/v1/problems
 func (c *ProblemController) CreateProblemHandler(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
-	// For now, we'll use a hardcoded user ID for testing.
-	// TODO: Replace with actual user_id from auth middleware.
-	const hardcodedUserID = "123e4567-e89b-12d3-a456-426614174000"
+
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
 	var req models.CreateProblemRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		http.Error(w, "invalid request body", http.StatusBadRequest)
 		return
 	}
-	problemStatement, err := c.ProblemModule.CreateProblem(ctx, &req, hardcodedUserID)
+	problemStatement, err := c.ProblemModule.CreateProblem(ctx, &req, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("failed to create problem statement")
 		http.Error(w, fmt.Sprintf("error creating problem statemnet: %v", err), http.StatusInternalServerError)
@@ -52,13 +56,16 @@ func (c *ProblemController) CreateProblemHandler(w http.ResponseWriter, r *http.
 
 // ListProblemsHandler handles GET /api/v1/problems
 func (c *ProblemController) ListProblemsHandler(w http.ResponseWriter, r *http.Request) {
-	// For now, we'll use a hardcoded user ID for testing.
-	// TODO: Replace with actual user_id from auth middleware.
-	const hardcodedUserID = "123e4567-e89b-12d3-a456-426614174000"
 	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
 	defer cancel()
 
-	problems, err := c.ProblemModule.GetProblemsByUserID(ctx, hardcodedUserID)
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
+
+	problems, err := c.ProblemModule.GetProblemsByUserID(ctx, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("failed to list problems by user id")
 		http.Error(w, "failed to retrieve problems", http.StatusInternalServerError)
@@ -95,17 +102,19 @@ func (c *ProblemController) UpdateProblemByIDHandler(w http.ResponseWriter, r *h
 	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
 	defer cancel()
 
-	// For now, we'll use a hardcoded user ID for testing.
-	// TODO: Replace with actual user_id from auth middleware.
-	const hardcodedUserID = "123e4567-e89b-12d3-a456-426614174000"
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
 	var req models.UpdateProblemRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		http.Error(w, "invalid request body", http.StatusBadRequest)
 		return
 	}
 
-	updatedProblem, err := c.ProblemModule.UpdateProblem(ctx, problemID, &req, hardcodedUserID)
+	updatedProblem, err := c.ProblemModule.UpdateProblem(ctx, problemID, &req, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("failed to update problem")
 		// This could be a not found error or an authorization error.
@@ -122,11 +131,13 @@ func (c *ProblemController) DeleteProblemByIDHandler(w http.ResponseWriter, r *h
 	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
 	defer cancel()
 
-	// For now, we'll use a hardcoded user ID for testing.
-	// TODO: Replace with actual user_id from auth middleware.
-	const hardcodedUserID = "123e4567-e89b-12d3-a456-426614174000"
+	user, ok := ctx.Value(middleware.UserContextKey).(*middleware.User)
+	if !ok {
+		http.Error(w, "user not found in context", http.StatusUnauthorized)
+		return
+	}
 
-	err := c.ProblemModule.DeleteProblem(ctx, problemID, hardcodedUserID)
+	err := c.ProblemModule.DeleteProblem(ctx, problemID, user.ID)
 	if err != nil {
 		c.Logger.Error().Err(err).Msg("failed to delete problem")
 		// This could be a not found error or an authorization error.

docker-compose.yaml

@@ -15,7 +15,7 @@ services:
       JUPYTER_AUTH_TOKEN: "YOUR_SECRET_TOKEN"
       CULL_INTERVAL_MINUTES: 10
       IDLE_THRESHOLD_MINUTES: 30
-      AUTH_GRPC_SERVER_ADDRESS: "localhost:5001"
+      AUTH_GRPC_ADDRESS: "localhost:5001"
       LLM_MICROSERVICE_URL: "http://host.docker.internal:8000"
     networks:
       - evoc-net

middleware/auth_middleware.go

@@ -0,0 +1,71 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"os"
+
+	"github.com/Thanus-Kumaar/controller_microservice_v2/proto"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+type contextKey string
+
+const (
+	UserContextKey = contextKey("user")
+)
+
+type User struct {
+	ID       string
+	Role     string
+	Email    string
+	UserName string
+	FullName string
+}
+
+func AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		cookie, err := r.Cookie("t")
+		if err != nil {
+			http.Error(w, "Authorization cookie required", http.StatusUnauthorized)
+			return
+		}
+
+		tokenString := cookie.Value
+		if tokenString == "" {
+			http.Error(w, "Authorization cookie is empty", http.StatusUnauthorized)
+			return
+		}
+
+		conn, err := grpc.NewClient(os.Getenv("AUTH_GRPC_ADDRESS"), grpc.WithTransportCredentials(insecure.NewCredentials()))
+		if err != nil {
+			http.Error(w, "Failed to connect to auth service", http.StatusInternalServerError)
+			return
+		}
+		defer conn.Close()
+
+		client := proto.NewAuthenticateClient(conn)
+		res, err := client.Auth(context.Background(), &proto.TokenValidateRequest{Token: tokenString})
+		if err != nil {
+			http.Error(w, "Failed to validate token", http.StatusInternalServerError)
+			return
+		}
+
+		if !res.Valid {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		user := &User{
+			ID:       res.Id,
+			Role:     res.Role,
+			Email:    res.Email,
+			UserName: res.UserName,
+			FullName: res.FullName,
+		}
+
+		ctx := context.WithValue(r.Context(), UserContextKey, user)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}

modules/llm_module.go

@@ -24,7 +24,7 @@ func NewLlmModule(repo repository.LlmRepository) *LlmModule {
 }
 
 // GenerateNotebook validates and proxies the generate request.
-func (m *LlmModule) GenerateNotebook(ctx context.Context, body io.Reader) (*http.Response, error) {
+func (m *LlmModule) GenerateNotebook(ctx context.Context, body io.Reader, userID string) (*http.Response, error) {
 	bodyBytes, err := io.ReadAll(body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read request body: %w", err)
@@ -35,10 +35,12 @@ func (m *LlmModule) GenerateNotebook(ctx context.Context, body io.Reader) (*http
 		return nil, fmt.Errorf("failed to decode request body as JSON: %w", err)
 	}
 
-	if err := IsUserIDandNotebookIDPresent(requestData); err != nil {
+	if err := IsNotebookIDPresent(requestData); err != nil {
 		return nil, err
 	}
 
+	requestData["user_id"] = userID
+
 	finalBodyBytes, err := json.Marshal(requestData)
 	if err != nil {
 		return nil, fmt.Errorf("failed to re-encode request body: %w", err)
@@ -48,7 +50,7 @@ func (m *LlmModule) GenerateNotebook(ctx context.Context, body io.Reader) (*http
 }
 
 // ModifyNotebook validates and proxies the modify request.
-func (m *LlmModule) ModifyNotebook(ctx context.Context, sessionID string, body io.Reader) (*http.Response, error) {
+func (m *LlmModule) ModifyNotebook(ctx context.Context, sessionID string, body io.Reader, userID string) (*http.Response, error) {
 	bodyBytes, err := io.ReadAll(body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read request body: %w", err)
@@ -59,10 +61,12 @@ func (m *LlmModule) ModifyNotebook(ctx context.Context, sessionID string, body i
 		return nil, fmt.Errorf("failed to decode request body as JSON: %w", err)
 	}
 
-	if err := IsUserIDandNotebookIDPresent(requestData); err != nil {
+	if err := IsNotebookIDPresent(requestData); err != nil {
 		return nil, err
 	}
 
+	requestData["user_id"] = userID
+
 	if instruction, ok := requestData["instruction"].(string); !ok || instruction == "" {
 		return nil, fmt.Errorf("request body must contain a non-empty 'instruction' string")
 	}
@@ -75,11 +79,16 @@ func (m *LlmModule) ModifyNotebook(ctx context.Context, sessionID string, body i
 		return nil, fmt.Errorf("'notebook' object must contain a 'cells' array")
 	}
 
-	return m.Repo.ModifyNotebook(ctx, bytes.NewBuffer(bodyBytes))
+	finalBodyBytes, err := json.Marshal(requestData)
+	if err != nil {
+		return nil, fmt.Errorf("failed to re-encode request body: %w", err)
+	}
+
+	return m.Repo.ModifyNotebook(ctx, bytes.NewBuffer(finalBodyBytes))
 }
 
 // FixNotebook validates and proxies the fix request.
-func (m *LlmModule) FixNotebook(ctx context.Context, sessionID string, body io.Reader) (*http.Response, error) {
+func (m *LlmModule) FixNotebook(ctx context.Context, sessionID string, body io.Reader, userID string) (*http.Response, error) {
 	bodyBytes, err := io.ReadAll(body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read request body: %w", err)
@@ -90,10 +99,12 @@ func (m *LlmModule) FixNotebook(ctx context.Context, sessionID string, body io.R
 		return nil, fmt.Errorf("failed to decode request body as JSON: %w", err)
 	}
 
-	if err := IsUserIDandNotebookIDPresent(requestData); err != nil {
+	if err := IsNotebookIDPresent(requestData); err != nil {
 		return nil, err
 	}
 
+	requestData["user_id"] = userID
+
 	if traceback, ok := requestData["traceback"].(string); !ok || traceback == "" {
 		return nil, fmt.Errorf("request body must contain a non-empty 'traceback' string")
 	}
@@ -106,26 +117,22 @@ func (m *LlmModule) FixNotebook(ctx context.Context, sessionID string, body io.R
 		return nil, fmt.Errorf("'notebook' object must contain a 'cells' array")
 	}
 
-	return m.Repo.FixNotebook(ctx, bytes.NewBuffer(bodyBytes))
+	finalBodyBytes, err := json.Marshal(requestData)
+	if err != nil {
+		return nil, fmt.Errorf("failed to re-encode request body: %w", err)
+	}
+
+	return m.Repo.FixNotebook(ctx, bytes.NewBuffer(finalBodyBytes))
 }
 
-func IsUserIDandNotebookIDPresent(requestData map[string]any) error {
-	// TODO: User ID should not be passed in the body.
-	// TODO: It should be extracted from the auth context, which i am not going to do now :)
-	// making sure user_id and notebook_id are present
-	if _, hasUserID := requestData["user_id"]; !hasUserID {
-		return fmt.Errorf("request body must contain 'user_id'")
-	}
+func IsNotebookIDPresent(requestData map[string]any) error {
+	// making sure notebook_id is present
 	if _, hasNotebookID := requestData["notebook_id"]; !hasNotebookID {
 		return fmt.Errorf("request body must contain 'notebook_id'")
 	}
 	notebookIDStr, isString := requestData["notebook_id"].(string)
 	if !isString || notebookIDStr == "" {
 		return fmt.Errorf("'notebook_id' must be a non-empty string")
 	}
-	userIDStr, isString := requestData["user_id"].(string)
-	if !isString || userIDStr == "" {
-		return fmt.Errorf("'user_id' must be a non-empty string")
-	}
 	return nil
 }

modules/problem_module.go

@@ -26,8 +26,6 @@ func (m *ProblemModule) CreateProblem(ctx context.Context, problem *models.Creat
 		return nil, errors.New("invalid problem creation request")
 	}
 
-	// TODO: The createdBy string should be a valid UUID.
-	// We should probably parse it here. For now, we'll assume it's valid.
 	creatorID, err := uuid.Parse(createdBy)
 	if err != nil {
 		// If createdBy is an empty string or not a valid UUID, handle it.