feat: adding background jobs ui page and apis - requires user is_admin to be set to true

2026-02-13 04:40:05 +01:00 · 2025-11-04 23:52:37 +00:00
parent 91686c1ea4
commit c41af60b26
97 changed files with 11135 additions and 138 deletions
--- a/internal/api/httpmiddleware/platform_admin.go
+++ b/internal/api/httpmiddleware/platform_admin.go
@@ -0,0 +1,45 @@
+package httpmiddleware
+
+import (
+	"net/http"
+
+	"github.com/glueops/autoglue/internal/utils"
+)
+
+// RequireAuthenticatedUser ensures a user principal is present (i.e. not an org/machine key).
+func RequireAuthenticatedUser() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if user, ok := UserFrom(r.Context()); !ok || user == nil {
+				// No user in context -> probably org/machine principal, or unauthenticated
+				utils.WriteError(w, http.StatusUnauthorized, "unauthorized", "user principal required")
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// RequirePlatformAdmin requires a user principal with IsAdmin=true.
+// This is platform-wide (non-org) admin and does NOT depend on org roles.
+func RequirePlatformAdmin() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			user, ok := UserFrom(r.Context())
+			if !ok || user == nil {
+				utils.WriteError(w, http.StatusUnauthorized, "unauthorized", "user principal required")
+				return
+			}
+			if !user.IsAdmin {
+				utils.WriteError(w, http.StatusForbidden, "forbidden", "platform admin required")
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// RequireUserAdmin is an alias for RequirePlatformAdmin for readability at call sites.
+func RequireUserAdmin() func(http.Handler) http.Handler {
+	return RequirePlatformAdmin()
+}