In this blog, we will delve into gin middleware to authorize the user access Token.

    sampleRoute := router.Group("/sample")
    // we are telling gin to use TokenAuthMiddleware
    // for all requests with path /sample/*
    sampleRoute.Use(middlewares.TokenAuthMiddleware())
    {
        sampleRoute.GET(
            "get",
            controllers.GetSampleData,
        )
    }

Now, let's write the code for middleware that authorizes all requests. Here in this code, we will read the auth token from the headers, find the user corresponding to that auth code, and pass it to the main handler. I am using gorm for accessing user data.

func TokenAuthMiddleware() gin.HandlerFunc {

    return func(c *gin.Context) {
        /// reading auth token
        accessToken := c.Request.Header.Get("Authorization")

        var user db.User
        if err := store.Postgres.Where(&db.User{AuthToken: accessToken}).First(&user).Error; err != nil {
            resp := api.Response{
                StatusCode: http.StatusUnauthorized,
                Message:    "Auth token is invalid",
                Success:    false,
            }
            resp.SendResponse(c)
            return
        } else {
            // we have added the user to context
            c.Set("user", user)
        }
        c.Next()
    }
}

Let's see how we access the user from handler

func GetSampleData(c *gin.Context) {    
    // now we have the user
    user, _ := c.Get("user")
    u := user.(db.User)
    // .....
}

Happy Coding !