refactor: improved auth middleware's AuthenticateFromCookie method implementation

Author: ralvarezdev

go.mod

@@ -5,7 +5,7 @@ go 1.25.1
 require (
 	github.com/ralvarezdev/go-flags v0.3.8
 	github.com/ralvarezdev/go-grpc v0.5.15
-	github.com/ralvarezdev/go-json v0.2.2
+	github.com/ralvarezdev/go-json v0.2.3
 	github.com/ralvarezdev/go-jwt v0.7.4
 	github.com/ralvarezdev/go-rate-limiter v0.1.11
 	github.com/ralvarezdev/go-reflect v0.3.1

go.sum

@@ -24,8 +24,8 @@ github.com/ralvarezdev/go-flags v0.3.8 h1:b/doNRr2HsniEpz8NjbH2vxJH5WMeymIx0LAzD
 github.com/ralvarezdev/go-flags v0.3.8/go.mod h1:R3yVBYvzwqfOp26LidaiJ/zftVAnPC3pKunVpV/vosE=
 github.com/ralvarezdev/go-grpc v0.5.15 h1:ONyaMXDsa2D20oMUyqSUa0+vkPyN/yBjpdpQROkJNCU=
 github.com/ralvarezdev/go-grpc v0.5.15/go.mod h1:sWWaPkhXCJq5xQhTvBkfrbrZrdiZx6H8j4sAk/kk0so=
-github.com/ralvarezdev/go-json v0.2.2 h1:YN15JZr43TXmD9pLqazYTdi49gEdkI3vSM6mpCFX8tY=
-github.com/ralvarezdev/go-json v0.2.2/go.mod h1:85+1W7iK7NNEwgph/X7up69bqY5ug3Psqykjz+Mnq1I=
+github.com/ralvarezdev/go-json v0.2.3 h1:9WOY49UN5mTjylRJ7t+6Ak9CqywQoZQ4AbNaHXF1O5U=
+github.com/ralvarezdev/go-json v0.2.3/go.mod h1:85+1W7iK7NNEwgph/X7up69bqY5ug3Psqykjz+Mnq1I=
 github.com/ralvarezdev/go-jwt v0.7.4 h1:f9ovJubB/X1xL1cxeW+QNQ8y79Jh/YN9v74SiyYBYXY=
 github.com/ralvarezdev/go-jwt v0.7.4/go.mod h1:fXGHJ6oPHXgMNWlgR08emuxUklQKgEqgWsq69Jk7lDE=
 github.com/ralvarezdev/go-rate-limiter v0.1.11 h1:4YqXf8iOuwsGi5oCAwJSHAjq7xRlbbCPiLrg2b2kJtw=

http/middleware/auth/middleware.go

@@ -105,6 +105,7 @@ func (m Middleware) authenticate(
 					// Get the context from the request
 					ctx := r.Context()
 
+					// Validate the token claims
 					claims, err := m.validator.ValidateClaims(
 						ctx,
 						rawToken,
@@ -278,83 +279,61 @@ func (m Middleware) AuthenticateFromCookie(
 		panic(ErrNilRefreshTokenFn)
 	}
 
-	var cookieName string
+	// Determine the cookie name based on the token type
+	refreshTokenCookieName := *m.options.CookieRefreshTokenName
+	accessTokenCookieName := *m.options.CookieAccessTokenName
+	var currentCookieName string
 	switch token {
 	case gojwttoken.AccessToken:
-		cookieName = *m.options.CookieAccessTokenName
+		currentCookieName = accessTokenCookieName
 	case gojwttoken.RefreshToken:
-		cookieName = *m.options.CookieRefreshTokenName
+		currentCookieName = refreshTokenCookieName
 	}
 
-	// Create the fail handler function
-	failHandler := m.authenticateFromCookieFailHandler(cookieName)
-
-	// Create the authenticate function
-	var authenticateFn func(rawTokens map[gojwttoken.Token]string) func(next http.Handler) http.Handler
+	// Create the fail handler functions
+	accessTokenFailHandler := m.authenticateFromCookieFailHandler(accessTokenCookieName)
+	refreshTokenFailHandler := m.authenticateFromCookieFailHandler(refreshTokenCookieName)
+	var currentFailHandler FailHandlerFn
+	switch token {
+	case gojwttoken.AccessToken:
+		currentFailHandler = accessTokenFailHandler
+	case gojwttoken.RefreshToken:
+		currentFailHandler = refreshTokenFailHandler
+	}
 
 	//nolint:nestif // This function requires nested ifs for clarity
-	authenticateFn = func(rawTokens map[gojwttoken.Token]string) func(next http.Handler) http.Handler {
-		return func(next http.Handler) http.Handler {
-			return http.HandlerFunc(
-				func(w http.ResponseWriter, r *http.Request) {
-					var (
-						rawToken string
-						cookie   *http.Cookie
-						err      error
-						ok       bool
-					)
-
-					// Get the cookie
-					if rawTokens != nil {
-						// Get the raw token from the map
-						rawToken, ok = rawTokens[token]
-
-						// Return an error if the token is missing
-						if !ok {
-							failHandler(
-								w,
-								r,
-								gonethttp.ErrCookieNotFound,
-								gonethttp.ErrCodeCookieNotFound,
-							)
-							return
-						}
-					} else {
-						// Get the cookie from the request
-						cookie, err = r.Cookie(cookieName)
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(
+			func(w http.ResponseWriter, r *http.Request) {
+				var (
+					rawToken string
+					cookie   *http.Cookie
+					err      error
+					ok       bool
+				)
 
-						// Check if there was an error getting the cookie
-						if err == nil {
-							// Get the raw token from the cookie
-							rawToken = cookie.Value
-						} else if errors.Is(err, http.ErrNoCookie) {
-							// Check if the token can be refreshed
-							if token == gojwttoken.AccessToken && m.options.RefreshTokenFn != nil {
-								// Refresh the token
-								rawTokens, err = m.options.RefreshTokenFn(w, r)
-								if err != nil {
-									m.authenticateFromCookieFailHandler(*m.options.CookieRefreshTokenName)(
-										w,
-										r,
-										err,
-										ErrCodeFailedToRefreshToken,
-									)
-									return
-								}
+				// Get the cookie from the request
+				cookie, err = r.Cookie(currentCookieName)
 
-								// authenticate again
-								authenticateFn(rawTokens)(next).ServeHTTP(
-									w,
-									r,
-								)
-								return
-							}
-						}
+				// Check if there was an error getting the cookie
+				if err == nil {
+					// Get the raw token from the cookie
+					rawToken = cookie.Value
+				} else if errors.Is(err, http.ErrNoCookie) {
+					// Check if there's no option to refresh the token or if the token is a refresh token
+					if token == gojwttoken.RefreshToken || m.options.RefreshTokenFn == nil {
+						currentFailHandler(
+							w,
+							r,
+							gonethttp.ErrCookieNotFound,
+							gonethttp.ErrCodeCookieNotFound,
+						)
+						return
 					}
 
-					// Check if the raw token is empty
-					if rawToken == "" {
-						failHandler(
+					// Check if the refresh token cookie is present
+					if _, err = r.Cookie(refreshTokenCookieName); err != nil {
+						currentFailHandler(
 							w,
 							r,
 							gonethttp.ErrCookieNotFound,
@@ -363,18 +342,45 @@ func (m Middleware) AuthenticateFromCookie(
 						return
 					}
 
-					// Call the authenticate function
-					m.authenticate(
-						token,
-						rawToken,
-						failHandler,
-					)(next).ServeHTTP(
+					// Refresh the token
+					rawTokens, refreshErr := m.options.RefreshTokenFn(w, r)
+					if refreshErr != nil {
+						refreshTokenFailHandler(
+							w,
+							r,
+							refreshErr,
+							ErrCodeFailedToRefreshToken,
+						)
+						return
+					}
+
+					// Get the raw token from the map, if not found set it to an empty string
+					if rawToken, ok = rawTokens[token]; !ok {
+						rawToken = ""
+					}
+				}
+
+				// Check if the raw token is empty
+				if rawToken == "" {
+					currentFailHandler(
 						w,
 						r,
+						gonethttp.ErrCookieNotFound,
+						gonethttp.ErrCodeCookieNotFound,
 					)
-				},
-			)
-		}
+					return
+				}
+
+				// Call the authenticate function
+				m.authenticate(
+					token,
+					rawToken,
+					currentFailHandler,
+				)(next).ServeHTTP(
+					w,
+					r,
+				)
+			},
+		)
 	}
-	return authenticateFn(nil)
 }

http/middleware/validator/middleware.go

@@ -180,7 +180,7 @@ func (m Middleware) CreateValidateFn(
 			return validateFn, nil
 		}
 	}
-	
+
 	// Get the type of the request
 	bodyType := goreflect.GetDereferencedType(bodyExample)