Add backend foundation and config-driven workbench

backend/internal/httpapi/middleware/auth.go

@@ -0,0 +1,50 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"cmr-backend/internal/apperr"
+	"cmr-backend/internal/httpx"
+	"cmr-backend/internal/platform/jwtx"
+)
+
+type authContextKey string
+
+const authKey authContextKey = "auth"
+
+type AuthContext struct {
+	UserID       string
+	UserPublicID string
+}
+
+func NewAuthMiddleware(jwtManager *jwtx.Manager) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			authHeader := strings.TrimSpace(r.Header.Get("Authorization"))
+			if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
+				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "unauthorized", "missing bearer token"))
+				return
+			}
+
+			token := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
+			claims, err := jwtManager.ParseAccessToken(token)
+			if err != nil {
+				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
+				return
+			}
+
+			ctx := context.WithValue(r.Context(), authKey, &AuthContext{
+				UserID:       claims.UserID,
+				UserPublicID: claims.UserPublicID,
+			})
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+func GetAuthContext(ctx context.Context) *AuthContext {
+	auth, _ := ctx.Value(authKey).(*AuthContext)
+	return auth
+}