package middleware import ( "time" "github.com/gin-gonic/gin" "go.uber.org/zap" ) // Logger middleware adds request logging func Logger(logger *zap.Logger) gin.HandlerFunc { return func(c *gin.Context) { start := time.Now() path := c.Request.URL.Path query := c.Request.URL.RawQuery // Process request c.Next() // Calculate request time latency := time.Since(start) // Get status status := c.Writer.Status() // Log request details logger.Info("API Request", zap.String("method", c.Request.Method), zap.String("path", path), zap.String("query", query), zap.Int("status", status), zap.Duration("latency", latency), zap.String("ip", c.ClientIP()), zap.String("user-agent", c.Request.UserAgent()), ) } } // AuditLog middleware records detailed information about DICOM requests func AuditLog(logger *zap.Logger) gin.HandlerFunc { return func(c *gin.Context) { // We'll extract user info here when auth is implemented userID := "anonymous" if id, exists := c.Get("userID"); exists { userID = id.(string) } path := c.Request.URL.Path method := c.Request.Method // Process request c.Next() // Audit log after request completes logger.Info("DICOM Access", zap.String("userID", userID), zap.String("action", method), zap.String("resource", path), zap.Int("status", c.Writer.Status()), ) } } // CORS middleware to handle cross-origin requests func CORS(allowedOrigins []string) gin.HandlerFunc { return func(c *gin.Context) { origin := c.Request.Header.Get("Origin") // Check if origin is allowed allowed := false for _, o := range allowedOrigins { if o == "*" || o == origin { allowed = true break } } // Set CORS headers if allowed if allowed { c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Content-Length, Accept-Encoding, Authorization") c.Header("Access-Control-Allow-Credentials", "true") } // Handle preflight requests if c.Request.Method == "OPTIONS" { c.AbortWithStatus(204) return } c.Next() } }