package middleware
import (
"time"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
)
// Logger returns a gin middleware that writes one "API Request" entry to
// logger for every request, after the remaining handlers have run.
//
// The entry carries the method, path, raw query string, response status,
// latency, client IP and User-Agent.
func Logger(logger *zap.Logger) gin.HandlerFunc {
	return func(c *gin.Context) {
		began := time.Now()

		// Snapshot the URL parts before the handler chain runs, so the entry
		// reflects the request as it arrived.
		reqURL := c.Request.URL
		reqPath, rawQuery := reqURL.Path, reqURL.RawQuery

		c.Next()

		elapsed := time.Since(began)
		code := c.Writer.Status()

		// NOTE(review): the query string is recorded verbatim. If requests
		// carry identifiers or tokens as query parameters they end up in this
		// log; confirm that log access and retention are acceptable for that.
		// NOTE(review): User-Agent is client-supplied, and ClientIP may be
		// derived from forwarding headers depending on the engine's
		// trusted-proxy configuration; confirm before relying on either.
		fields := []zap.Field{
			zap.String("method", c.Request.Method),
			zap.String("path", reqPath),
			zap.String("query", rawQuery),
			zap.Int("status", code),
			zap.Duration("latency", elapsed),
			zap.String("ip", c.ClientIP()),
			zap.String("user-agent", c.Request.UserAgent()),
		}
		logger.Info("API Request", fields...)
	}
}
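// AuditLog returns a gin middleware that writes one "DICOM Access" audit
// entry to logger per request, after the remaining handlers have run.
//
// The caller's identity is read from the gin context key "userID". If the key
// is not set when the middleware is entered, it is looked up again once the
// handler chain has finished, so an identity stored by a handler registered
// later in the chain is still recorded. Requests with no identity are logged
// as "anonymous".
func AuditLog(logger *zap.Logger) gin.HandlerFunc {
	return func(c *gin.Context) {
		user, known := auditUserField(c)

		// Captured up front so the entry names the resource as requested.
		path := c.Request.URL.Path
		method := c.Request.Method

		// Process request
		c.Next()

		// An audit trail that attributes authenticated access to "anonymous"
		// is misleading; pick up an identity that was set downstream.
		if !known {
			user, _ = auditUserField(c)
		}

		// Audit log after request completes
		logger.Info("DICOM Access",
			user,
			zap.String("action", method),
			zap.String("resource", path),
			zap.Int("status", c.Writer.Status()),
		)
	}
}

// auditUserField builds the "userID" log field from the gin context and
// reports whether an identity was present.
func auditUserField(c *gin.Context) (zap.Field, bool) {
	id, exists := c.Get("userID")
	if !exists {
		return zap.String("userID", "anonymous"), false
	}
	// A bare id.(string) panics when the stored value has another type
	// (e.g. a numeric ID), which would drop the audit entry altogether.
	if s, ok := id.(string); ok {
		return zap.String("userID", s), true
	}
	return zap.Any("userID", id), true
}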
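// CORS returns a gin middleware that answers cross-origin requests according
// to allowedOrigins.
//
// An Origin listed explicitly is echoed back in Access-Control-Allow-Origin
// and may send credentials. The "*" entry allows any origin, but only without
// credentials: echoing an arbitrary Origin together with
// Access-Control-Allow-Credentials: true would let any website read
// authenticated responses in a visitor's browser. Every OPTIONS request is
// answered with 204 and is not passed to later handlers.
func CORS(allowedOrigins []string) gin.HandlerFunc {
	return func(c *gin.Context) {
		origin := c.Request.Header.Get("Origin")

		// The CORS headers depend on the request's Origin, so caches must not
		// reuse a response produced for a different origin.
		c.Writer.Header().Add("Vary", "Origin")

		// Check if origin is allowed, distinguishing an explicit entry from
		// the wildcard.
		exact, wildcard := false, false
		for _, o := range allowedOrigins {
			if o == "*" {
				wildcard = true
			} else if o == origin {
				exact = true
			}
		}

		// Requests without an Origin header are not cross-origin and need no
		// CORS headers.
		if origin != "" && (exact || wildcard) {
			if exact {
				c.Header("Access-Control-Allow-Origin", origin)
				c.Header("Access-Control-Allow-Credentials", "true")
			} else {
				// Wildcard only: never combined with credentials.
				c.Header("Access-Control-Allow-Origin", "*")
			}
			c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
			c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Content-Length, Accept-Encoding, Authorization")
		}

		// Handle preflight requests
		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}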