refactor(backend): don't apply AuthMiddleware for all endpoints

e.g. /api/v1/auth does not need AuthMiddleware.

Author: pan93412

cmd/backend/dependencies.go

@@ -35,32 +35,6 @@ func AuthStorage(redisClient rueidis.Client) auth.Storage {
 	return auth.NewRedisStorage(redisClient)
 }
 
-// AuthMiddleware creates an auth.Middleware that can be injected into gin.
-func AuthMiddleware(storage auth.Storage) Middleware {
-	return Middleware{
-		Handler: auth.Middleware(storage),
-	}
-}
-
-// MachineMiddleware creates a machine middleware that can be injected into gin.
-func MachineMiddleware() Middleware {
-	return Middleware{
-		Handler: httputils.MachineMiddleware(),
-	}
-}
-
-// CorsMiddleware creates a cors middleware that can be injected into gin.
-func CorsMiddleware(cfg config.Config) Middleware {
-	return Middleware{
-		Handler: cors.New(cors.Config{
-			AllowOrigins:     cfg.AllowedOrigins,
-			AllowMethods:     []string{"GET", "POST", "OPTIONS"},
-			AllowHeaders:     []string{"Content-Type", "User-Agent", "Referer"},
-			AllowCredentials: true,
-		}),
-	}
-}
-
 func SqlRunner(cfg config.Config) *sqlrunner.SqlRunner {
 	return sqlrunner.NewSqlRunner(cfg.SqlRunner)
 }
@@ -92,24 +66,29 @@ func AuthService(entClient *ent.Client, storage auth.Storage, config config.Conf
 }
 
 // GinEngine creates a gin engine.
-func GinEngine(services []httpapi.Service, middlewares []Middleware, gqlgenHandler *handler.Server, cfg config.Config) *gin.Engine {
+func GinEngine(services []httpapi.Service, authStorage auth.Storage, gqlgenHandler *handler.Server, cfg config.Config) *gin.Engine {
 	engine := gin.New()
 
 	if err := engine.SetTrustedProxies(cfg.TrustProxies); err != nil {
 		slog.Error("error setting trusted proxies", "error", err)
 	}
 
-	for _, middleware := range middlewares {
-		engine.Use(middleware.Handler)
-	}
-
 	engine.Use(gin.Recovery())
-
-	engine.GET("/", func(ctx *gin.Context) {
+	engine.Use(httputils.MachineMiddleware())
+	engine.Use(cors.New(cors.Config{
+		AllowOrigins:     cfg.AllowedOrigins,
+		AllowMethods:     []string{"GET", "POST", "OPTIONS"},
+		AllowHeaders:     []string{"Content-Type", "User-Agent", "Referer"},
+		AllowCredentials: true,
+	}))
+
+	router := engine.Group("/")
+	router.Use(auth.Middleware(authStorage))
+	router.GET("/", func(ctx *gin.Context) {
 		handler := playground.Handler("GraphQL playground", "/query")
 		handler.ServeHTTP(ctx.Writer, ctx.Request)
 	})
-	engine.POST("/query", func(ctx *gin.Context) {
+	router.POST("/query", func(ctx *gin.Context) {
 		gqlgenHandler.ServeHTTP(ctx.Writer, ctx.Request)
 	})
 
@@ -174,19 +153,6 @@ func GinLifecycle(lifecycle fx.Lifecycle, engine *gin.Engine, cfg config.Config)
 	})
 }
 
-// Middleware is a middleware that can be injected into gin.
-type Middleware struct {
-	Handler gin.HandlerFunc
-}
-
-// AnnotateMiddleware annotates a middleware function to be injected into gin.
-func AnnotateMiddleware(f any) any {
-	return fx.Annotate(
-		f,
-		fx.ResultTags(`group:"middlewares"`),
-	)
-}
-
 // AnnotateService annotates a service function to be injected into gin.
 func AnnotateService(f any) any {
 	return fx.Annotate(

cmd/backend/server.go

@@ -16,14 +16,11 @@ func main() {
 		fx.Provide(
 			AuthStorage,
 			SqlRunner,
-			AnnotateMiddleware(AuthMiddleware),
-			AnnotateMiddleware(MachineMiddleware),
-			AnnotateMiddleware(CorsMiddleware),
 			AnnotateService(AuthService),
 			GqlgenHandler,
 			fx.Annotate(
 				GinEngine,
-				fx.ParamTags(`group:"services"`, `group:"middlewares"`),
+				fx.ParamTags(`group:"services"`),
 			),
 		),
 		fx.Invoke(GinLifecycle),

httpapi/README.md

@@ -2,4 +2,7 @@
 
 Database Playground 大部分的 API 均以 GraphQL 形式提供 (`/query`)，但部分為 BFF (Backend for Frontend) 設定的 Stateful Endpoints 則是以 HTTP API 進行設計，並以 `/api` 為開頭。
 
+> [!WARNING]
+> 注意 HTTP API 不會帶入 AuthMiddleware。如果你的 API 需要鑒權，請手動帶入 `auth.Middleware`。
+
 - [認證](./auth)：相關方法均列於 `/api/auth` 路徑底下。