senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/config/middlewares_init.go
senke f9120c322b
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details
Stream Server CI / test (push) Failing after 0s
Details
release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 
- ORDER BY dynamiques : whitelist explicite, fallback created_at DESC
- Login/register soumis au rate limiter global
- VERSION sync + check CI
- Nettoyage références veza-chat-server
- Go 1.24 partout (Dockerfile, workflows)
- TODO/FIXME/HACK convertis en issues ou résolus
2026-02-27 09:43:25 +01:00

91 lines
3.5 KiB
Go
Raw Blame History

package config
import (
"time"
"github.com/gin-gonic/gin"
"veza-backend-api/internal/middleware"
)
// InitMiddlewaresForTest initializes middlewares for integration/E2E tests.
// Exported for use by internal/integration and tests packages.
func (c *Config) InitMiddlewaresForTest() error {
return c.initMiddlewares()
}
// initMiddlewares initialise tous les middlewares
func (c *Config) initMiddlewares() error {
// Rate limiter global (avec Redis)
// En développement, augmenter les limites pour éviter les erreurs lors des tests
ipLimit := getEnvInt("RATE_LIMIT_IP_PER_MINUTE", 200) // Augmenté de 100 à 200 en dev
ipBurst := getEnvInt("RATE_LIMIT_IP_BURST", 20) // Augmenté de 10 à 20 en dev
userLimit := getEnvInt("RATE_LIMIT_USER_PER_MINUTE", 1000)
userBurst := getEnvInt("RATE_LIMIT_USER_BURST", 100)
rateLimiterConfig := &middleware.RateLimiterConfig{
IPRequestsPerMinute: ipLimit,
IPBurst: ipBurst,
UserRequestsPerMinute: userLimit,
UserBurst: userBurst,
RedisClient: c.RedisClient,
KeyPrefix: "veza:rate_limit",
}
c.RateLimiter = middleware.NewRateLimiter(rateLimiterConfig)
// Simple rate limiter (T0015) - sans dépendance Redis
window := time.Duration(c.RateLimitWindow) * time.Second
c.SimpleRateLimiter = middleware.NewSimpleRateLimiter(c.RateLimitLimit, window)
// Rate limiter par endpoint
endpointLimiterConfig := &middleware.EndpointLimiterConfig{
RedisClient: c.RedisClient,
KeyPrefix: "veza:endpoint_limit",
}
endpointLimits := middleware.DefaultEndpointLimits()
// Override defaults with config (PR-3)
endpointLimits.LoginAttempts = c.AuthRateLimitLoginAttempts
endpointLimits.LoginWindow = time.Duration(c.AuthRateLimitLoginWindow) * time.Minute
// A04: Limites register assouplies en dev (20/heure au lieu de 3/heure)
endpointLimits.RegisterAttempts = getDefaultRegisterAttempts(c.Env)
endpointLimits.RegisterWindow = time.Hour
c.EndpointLimiter = middleware.NewEndpointLimiter(endpointLimiterConfig, endpointLimits)
// BE-SVC-002: Initialize per-user rate limiter
userRateLimiterConfig := &middleware.UserRateLimiterConfig{
RequestsPerMinute: getEnvAsInt("USER_RATE_LIMIT_PER_MINUTE", 1000), // Default: 1000 requests per minute per user
Burst: getEnvAsInt("USER_RATE_LIMIT_BURST", 100), // Default: 100 burst
Window: time.Minute,
RedisClient: c.RedisClient,
KeyPrefix: "user_rate_limit",
Logger: c.Logger,
}
c.UserRateLimiter = middleware.NewUserRateLimiter(userRateLimiterConfig)
// Middleware d'authentification (supports JWT and X-API-Key for developer keys)
c.AuthMiddleware = middleware.NewAuthMiddleware(
c.SessionService,
c.AuditService,
c.PermissionService,
c.JWTService,
c.UserService,
c.APIKeyService,
c.TokenBlacklist, // VEZA-SEC-006: nil if Redis unavailable (implements TokenBlacklistChecker)
c.Logger,
)
if c.PresenceService != nil {
c.AuthMiddleware.SetPresenceService(c.PresenceService)
}
return nil
}
// SetupMiddleware configure les middlewares globaux
// DÉPRÉCIÉ : Cette méthode est conservée pour compatibilité mais ne fait plus rien
// Les middlewares globaux sont maintenant configurés dans internal/api/router.go via APIRouter.Setup()
// NOTE: CORS could use c.CORSOrigins from config in api/router.go
func (c *Config) SetupMiddleware(router *gin.Engine) {
// No-op : Les middlewares sont configurés dans api/router.go
// Cette méthode existe uniquement pour compatibilité avec cmd/main.go (legacy)
// qui sera désactivé dans le Chantier 1 - Étape 2
}
Reference in a new issue View git blame Copy permalink