marketing-shibata50/multica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(server): consolidate workspace permission checks into middleware

Browse source 
Move workspace membership and role validation from individual handlers
into dedicated Chi middleware. The new middleware resolves workspace ID
(from query param, X-Workspace-ID header, or URL param), validates
membership via DB, and injects the member into request context.

Handlers now read workspace ID and member from context instead of
calling requireWorkspaceMember/requireWorkspaceRole directly. This
eliminates ~17 duplicated permission checks across handlers and makes
it harder to accidentally omit access control on new routes.
This commit is contained in:
Jiayuan 2026-03-30 03:40:20 +08:00
parent e1e4079da1
commit f4a6e7c475
8 changed files with 198 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

3
server/internal/handler/runtime.go
View file

@ -194,9 +194,6 @@ func (h *Handler) GetRuntimeTaskActivity(w http.ResponseWriter, r *http.Request)
func (h *Handler) ListAgentRuntimes(w http.ResponseWriter, r *http.Request) {
workspaceID := resolveWorkspaceID(r)
if _, ok := h.requireWorkspaceMember(w, r, workspaceID, "workspace not found"); !ok {
return
}
runtimes, err := h.Queries.ListAgentRuntimes(r.Context(), parseUUID(workspaceID))
if err != nil {