apksel-dev/apskel-pos-backend
4
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request 'fix pointer' (#9) from feature/outlet-table into main

Browse Source 
Reviewed-on: #9
This commit is contained in:
aefril 2026-05-14 06:54:51 +00:00
commit 6d735c20cb
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
internal/middleware/auth_middleware.go
View File

@ -11,6 +11,7 @@ import (
"apskel-pos-be/internal/service" "apskel-pos-be/internal/service"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/google/uuid"
) )
type AuthMiddleware struct { type AuthMiddleware struct {
@ -45,9 +46,13 @@ func (m *AuthMiddleware) RequireAuth() gin.HandlerFunc {
setKeyInContext(c, appcontext.OrganizationIDKey, userResponse.OrganizationID.String()) setKeyInContext(c, appcontext.OrganizationIDKey, userResponse.OrganizationID.String())
setKeyInContext(c, appcontext.UserIDKey, userResponse.ID.String()) setKeyInContext(c, appcontext.UserIDKey, userResponse.ID.String())
if userResponse.Role != "superadmin" { // Always override OutletID from token to prevent header injection.
setKeyInContext(c, appcontext.OutletIDKey, userResponse.OutletID.String()) // Set empty string if user has no outlet, so PopulateContext header value is ignored.
outletIDStr := ""
if userResponse.OutletID != nil && *userResponse.OutletID != uuid.Nil {
outletIDStr = userResponse.OutletID.String()
} }
setKeyInContext(c, appcontext.OutletIDKey, outletIDStr)
logger.FromContext(c.Request.Context()).Infof("AuthMiddleware::RequireAuth -> User authenticated: %s", userResponse.Email) logger.FromContext(c.Request.Context()).Infof("AuthMiddleware::RequireAuth -> User authenticated: %s", userResponse.Email)
c.Next() c.Next()