feat(backend): spot - refactor

.gitignore

@@ -1,6 +1,8 @@
 public
 .cache
 node_modules
+backend/pkg/mod
+backend/pkg/sumdb
 *DS_Store
 *.env
 *.log

backend.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$/backend" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

backend/cmd/analytics/main.go

@@ -0,0 +1,106 @@
+package main
+
+import (
+	"context"
+	"github.com/gorilla/mux"
+	"net/http"
+	"openreplay/backend/internal/http/server"
+	"openreplay/backend/pkg/analytics"
+	"openreplay/backend/pkg/analytics/api"
+	"openreplay/backend/pkg/common"
+	"openreplay/backend/pkg/common/api/auth"
+	"openreplay/backend/pkg/common/middleware"
+	"openreplay/backend/pkg/db/postgres/pool"
+	"openreplay/backend/pkg/logger"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	config "openreplay/backend/internal/config/analytics"
+)
+
+func main() {
+	ctx := context.Background()
+	log := logger.New()
+	cfg := config.New(log)
+
+	pgConn, err := pool.New(cfg.Postgres.String())
+	if err != nil {
+		log.Fatal(ctx, "can't init postgres connection: %s", err)
+	}
+	defer pgConn.Close()
+
+	services := analytics.NewServiceBuilder(log, cfg)
+
+	if err != nil {
+		log.Fatal(ctx, "can't init services: %s", err)
+	}
+
+	// Define excluded paths for this service
+	excludedPaths := map[string]map[string]bool{
+		//"/v1/ping":  {"GET": true},
+		//"/v1/spots": {"POST": true},
+	}
+
+	// Define permission fetching logic
+	getPermissions := func(path string) []string {
+		// Example logic to return permissions based on path
+		if path == "/v1/admin" {
+			return []string{"admin"}
+		}
+		return []string{"user"}
+	}
+
+	authOptionsSelector := func(r *http.Request) *auth.Options {
+		pathTemplate, err := mux.CurrentRoute(r).GetPathTemplate()
+		if err != nil {
+			log.Error(r.Context(), "failed to get path template: %s", err)
+			return nil // Use default options if there’s an error
+		}
+
+		// Customize based on route and method
+		if pathTemplate == "/v1/spots/{id}/uploaded" && r.Method == "POST" {
+			column := "spot_jwt_iat"
+			secret := cfg.JWTSpotSecret
+			return &auth.Options{JwtColumn: column, Secret: secret}
+		}
+
+		// Return nil to signal default options in AuthMiddleware
+		return nil
+	}
+
+	authMiddleware := middleware.AuthMiddleware(services.Auth, log, excludedPaths, getPermissions, authOptionsSelector)
+	limiterMiddleware := middleware.RateLimit(common.NewUserRateLimiter(10, 30, 1*time.Minute, 5*time.Minute))
+
+	router, err := api.NewRouter(cfg, log, services)
+	router.Use(middleware.CORS(cfg.UseAccessControlHeaders))
+	router.Use(authMiddleware)
+	router.Use(limiterMiddleware)
+	router.Use(middleware.Action())
+
+	if err != nil {
+		log.Fatal(ctx, "failed while creating router: %s", err)
+	}
+
+	analyticsServer, err := server.New(router.GetHandler(), cfg.HTTPHost, cfg.HTTPPort, cfg.HTTPTimeout)
+	if err != nil {
+		log.Fatal(ctx, "failed while creating server: %s", err)
+	}
+
+	go func() {
+		if err := analyticsServer.Start(); err != nil {
+			log.Fatal(ctx, "http server error: %s", err)
+		}
+	}()
+
+	log.Info(ctx, "server successfully started on port %s", cfg.HTTPPort)
+
+	// Wait stop signal to shut down server gracefully
+	sigchan := make(chan os.Signal, 1)
+	signal.Notify(sigchan, syscall.SIGINT, syscall.SIGTERM)
+	<-sigchan
+	log.Info(ctx, "shutting down the server")
+	analyticsServer.Stop()
+
+}

backend/cmd/spot/main.go

@@ -10,7 +10,6 @@ import (
 
 	spotConfig "openreplay/backend/internal/config/spot"
 	"openreplay/backend/internal/http/server"
-	"openreplay/backend/pkg/db/postgres/pool"
 	"openreplay/backend/pkg/logger"
 	"openreplay/backend/pkg/metrics"
 	databaseMetrics "openreplay/backend/pkg/metrics/database"
@@ -23,13 +22,7 @@ func main() {
 	cfg := spotConfig.New(log)
 	metrics.New(log, append(spotMetrics.List(), databaseMetrics.List()...))
 
-	pgConn, err := pool.New(cfg.Postgres.String())
+	services, err := spot.NewServiceBuilder(log, cfg)
-	if err != nil {
-		log.Fatal(ctx, "can't init postgres connection: %s", err)
-	}
-	defer pgConn.Close()
-
-	services, err := spot.NewServiceBuilder(log, cfg, pgConn)
 	if err != nil {
 		log.Fatal(ctx, "can't init services: %s", err)
 	}

backend/internal/config/analytics/config.go

@@ -0,0 +1,37 @@
+package analytics
+
+import (
+	"time"
+
+	"openreplay/backend/internal/config/common"
+	"openreplay/backend/internal/config/configurator"
+	"openreplay/backend/internal/config/objectstorage"
+	"openreplay/backend/internal/config/redis"
+	"openreplay/backend/pkg/env"
+	"openreplay/backend/pkg/logger"
+)
+
+type Config struct {
+	common.Config
+	common.Postgres
+	redis.Redis
+	objectstorage.ObjectsConfig
+	FSDir string `env:"FS_DIR,required"`
+
+	HTTPHost                string        `env:"HTTP_HOST,default="`
+	HTTPPort                string        `env:"HTTP_PORT,required"`
+	HTTPTimeout             time.Duration `env:"HTTP_TIMEOUT,default=60s"`
+	JsonSizeLimit           int64         `env:"JSON_SIZE_LIMIT,default=131072"` // 128KB
+	UseAccessControlHeaders bool          `env:"USE_CORS,default=false"`
+	ProjectExpiration       time.Duration `env:"PROJECT_EXPIRATION,default=10m"`
+	JWTSecret               string        `env:"JWT_SECRET,required"`
+	JWTSpotSecret           string        `env:"JWT_SPOT_SECRET,required"`              // TODO: remove this
+	MinimumStreamDuration   int           `env:"MINIMUM_STREAM_DURATION,default=15000"` // 15s
+	WorkerID                uint16
+}
+
+func New(log logger.Logger) *Config {
+	cfg := &Config{WorkerID: env.WorkerID()}
+	configurator.Process(log, cfg)
+	return cfg
+}

backend/pkg/analytics/api/handler.go

@@ -0,0 +1,264 @@
+package api
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/gorilla/mux"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+func (e *Router) spotTest(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte("Welcome to NSE Live API"))
+}
+
+func (e *Router) createDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	bodyBytes, err := e.ReadBody(w, r, e.cfg.JsonSizeLimit)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusRequestEntityTooLarge, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+	bodySize = len(bodyBytes)
+
+	req := &CreateDashboardRequest{}
+	if err := json.Unmarshal(bodyBytes, req); err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &CreateDashboardResponse{
+		DashboardID: 1,
+	}
+
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) getDashboard(w http.ResponseWriter, r *http.Request) {
+
+}
+
+func (e *Router) getDashboards(w http.ResponseWriter, r *http.Request) {
+	params := r.URL.Query()
+	page := params.Get("page")
+	limit := params.Get("limit")
+	pageNum, _ := strconv.ParseUint(page, 10, 64)
+	limitNum, _ := strconv.ParseUint(limit, 10, 64)
+
+	req := &GetDashboardsRequest{
+		Page:     pageNum,
+		Limit:    limitNum,
+		Order:    params.Get("order"),
+		Query:    params.Get("query"),
+		FilterBy: params.Get("filterBy"),
+	}
+
+	// if err != nil {
+	// 	e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, time.Now(), r.URL.Path, 0)
+	// 	return
+	// }
+
+	fmt.Printf("req: %+v\n", req)
+
+	resp := &GetDashboardsResponse{
+		Dashboards: []Dashboard{
+			{
+				DashboardID: 1,
+				Name:        "Dashboard 1",
+				Description: "Description 1",
+				IsPublic:    true,
+				IsPinned:    true,
+			},
+			{
+				DashboardID: 2,
+				Name:        "Dashboard 2",
+				Description: "Description 2",
+				IsPublic:    false,
+				IsPinned:    false,
+			},
+		},
+	}
+
+	e.ResponseWithJSON(r.Context(), w, resp, time.Now(), r.URL.Path, 0)
+}
+
+func (e *Router) updateDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodyBytes, err := e.ReadBody(w, r, e.cfg.JsonSizeLimit)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusRequestEntityTooLarge, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodySize = len(bodyBytes)
+
+	req := &UpdateDashboardRequest{}
+	if err := json.Unmarshal(bodyBytes, req); err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &UpdateDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) deleteDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &DeleteDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) pinDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &UpdateDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) addCardToDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodyBytes, err := e.ReadBody(w, r, e.cfg.JsonSizeLimit)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusRequestEntityTooLarge, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodySize = len(bodyBytes)
+
+	req := &UpdateDashboardResponse{}
+	if err := json.Unmarshal(bodyBytes, req); err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &UpdateDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) createMetricAndAddToDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodyBytes, err := e.ReadBody(w, r, e.cfg.JsonSizeLimit)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusRequestEntityTooLarge, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodySize = len(bodyBytes)
+
+	req := &UpdateDashboardRequest{}
+	if err := json.Unmarshal(bodyBytes, req); err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &UpdateDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) updateWidgetInDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodyBytes, err := e.ReadBody(w, r, e.cfg.JsonSizeLimit)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusRequestEntityTooLarge, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	bodySize = len(bodyBytes)
+
+	req := &UpdateDashboardRequest{}
+	if err := json.Unmarshal(bodyBytes, req); err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &UpdateDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func (e *Router) removeWidgetFromDashboard(w http.ResponseWriter, r *http.Request) {
+	startTime := time.Now()
+	bodySize := 0
+
+	id, err := getDashboardId(r)
+	if err != nil {
+		e.ResponseWithError(r.Context(), w, http.StatusBadRequest, err, startTime, r.URL.Path, bodySize)
+		return
+	}
+
+	resp := &DeleteDashboardResponse{
+		DashboardID: id,
+	}
+	e.ResponseWithJSON(r.Context(), w, resp, startTime, r.URL.Path, bodySize)
+}
+
+func getDashboardId(r *http.Request) (int, error) {
+	vars := mux.Vars(r)
+	id, err := strconv.Atoi(vars["dashboardId"])
+	if err != nil {
+		return 0, err
+	}
+	return id, nil
+}

backend/pkg/analytics/api/model.go

@@ -0,0 +1,62 @@
+package api
+
+type CreateDashboardRequest struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	IsPublic    bool   `json:"is_public"`
+	IsPinned    bool   `json:"is_pinned"`
+	Metrics     []int  `json:"metrics"`
+}
+
+type GetDashboardsRequest struct {
+	Page     uint64 `json:"page"`
+	Limit    uint64 `json:"limit"`
+	Order    string `json:"order"`
+	Query    string `json:"query"`
+	FilterBy string `json:"filterBy"`
+}
+
+type CreateDashboardResponse struct {
+	DashboardID int `json:"dashboard_id"`
+}
+
+type Dashboard struct {
+	DashboardID int    `json:"dashboard_id"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	IsPublic    bool   `json:"is_public"`
+	IsPinned    bool   `json:"is_pinned"`
+}
+
+type GetDashboardResponse struct {
+	Dashboard *Dashboard `json:"dashboard"`
+}
+
+type GetDashboardsResponse struct {
+	Dashboards []Dashboard `json:"dashboards"`
+}
+
+type UpdateDashboardRequest struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	IsPublic    bool   `json:"is_public"`
+	IsPinned    bool   `json:"is_pinned"`
+	Metrics     []int  `json:"metrics"`
+}
+
+type UpdateDashboardResponse struct {
+	DashboardID int `json:"dashboard_id"`
+}
+
+type DeleteDashboardResponse struct {
+	DashboardID int `json:"dashboard_id"`
+}
+
+type Dashboards interface {
+	Add(projectID int, dashboard *Dashboard) error
+	Create(projectID int, dashboard *Dashboard) error
+	Get(projectID int, dashboardID int) (*Dashboard, error)
+	GetAll(projectID int) ([]Dashboard, error)
+	Update(projectID int, dashboardID int, dashboard *Dashboard) error
+	Delete(projectID int, dashboardID int) error
+}

backend/pkg/analytics/api/router.go

@@ -0,0 +1,49 @@
+package api
+
+import (
+	"fmt"
+	analyticsConfig "openreplay/backend/internal/config/analytics"
+	"openreplay/backend/pkg/analytics"
+	"openreplay/backend/pkg/common"
+	"openreplay/backend/pkg/common/api"
+	"openreplay/backend/pkg/logger"
+)
+
+type Router struct {
+	*api.Router
+	cfg     *analyticsConfig.Config
+	limiter *common.UserRateLimiter
+}
+
+func NewRouter(cfg *analyticsConfig.Config, log logger.Logger, services *analytics.ServiceBuilder) (*Router, error) {
+	switch {
+	case cfg == nil:
+		return nil, fmt.Errorf("config is empty")
+	case services == nil:
+		return nil, fmt.Errorf("services is empty")
+	case log == nil:
+		return nil, fmt.Errorf("logger is empty")
+	}
+
+	e := &Router{
+		Router:  api.NewRouter(log),
+		cfg:     cfg,
+		limiter: common.NewUserRateLimiter(10, 30, 1, 5),
+	}
+	e.init()
+	return e, nil
+}
+
+func (e *Router) init() {
+	e.AddRoute("/{projectId}/dashboards", e.createDashboard, "POST")
+	e.AddRoute("/v1/spots/{id}/uploaded", e.spotTest, "POST")
+	e.AddRoute("/{projectId}/dashboards", e.getDashboards, "GET")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}", e.getDashboard, "GET")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}", e.updateDashboard, "PUT")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}", e.deleteDashboard, "DELETE")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}/pin", e.pinDashboard, "GET")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}/cards", e.addCardToDashboard, "POST")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}/metrics", e.createMetricAndAddToDashboard, "POST")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}/widgets/{widgetId}", e.updateWidgetInDashboard, "PUT")
+	e.AddRoute("/{projectId}/dashboards/{dashboardId}/widgets/{widgetId}", e.removeWidgetFromDashboard, "DELETE")
+}

backend/pkg/analytics/builder.go

@@ -0,0 +1,22 @@
+package analytics
+
+import (
+	"openreplay/backend/internal/config/analytics"
+	"openreplay/backend/pkg/common"
+	"openreplay/backend/pkg/logger"
+)
+
+type ServiceBuilder struct {
+	*common.ServicesBuilder
+}
+
+func NewServiceBuilder(log logger.Logger, cfg *analytics.Config) *ServiceBuilder {
+	builder := common.NewServiceBuilder(log).
+		WithDatabase(cfg.Postgres.String()).
+		WithJWTSecret(cfg.JWTSecret, cfg.JWTSpotSecret).
+		WithObjectStorage(&cfg.ObjectsConfig)
+
+	return &ServiceBuilder{
+		ServicesBuilder: builder,
+	}
+}

backend/pkg/analytics/service/card.go

@@ -0,0 +1 @@
+package service

backend/pkg/analytics/service/dashboard.go

@@ -0,0 +1,92 @@
+package service
+
+import (
+	"fmt"
+	"time"
+
+	"openreplay/backend/pkg/db/postgres/pool"
+	"openreplay/backend/pkg/flakeid"
+	"openreplay/backend/pkg/logger"
+)
+
+type dashboardsImpl struct {
+	flaker *flakeid.Flaker
+	log    logger.Logger
+	pgconn pool.Pool
+}
+
+type Dashboard struct {
+	DashboardID int    `json:"dashboard_id"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	IsPublic    bool   `json:"is_public"`
+	IsPinned    bool   `json:"is_pinned"`
+	Metrics     []int  `json:"metrics"`
+}
+
+type CurrentContext struct {
+	UserID int `json:"user_id"`
+}
+
+type Dashboards interface {
+	Create(projectID int, dashboard *Dashboard) error
+	Get(projectID int, dashboardID int) (*Dashboard, error)
+	Update(projectID int, dashboardID int, dashboard *Dashboard) error
+	Delete(projectID int, dashboardID int) error
+}
+
+func NewDashboards(log logger.Logger, pgconn pool.Pool, flaker *flakeid.Flaker) Dashboards {
+	return &dashboardsImpl{
+		log:    log,
+		pgconn: pgconn,
+		flaker: flaker,
+	}
+}
+
+func (d *dashboardsImpl) Create(projectID int, dashboard *Dashboard) error {
+	switch {
+	case projectID == 0:
+		return fmt.Errorf("projectID is required")
+	case dashboard == nil:
+		return fmt.Errorf("dashboard is required")
+	}
+
+	createdAt := time.Now()
+	dashboardID, err := d.flaker.Compose(uint64(createdAt.UnixMilli()))
+	if err != nil {
+		return err
+	}
+	newDashboard := &Dashboard{
+		DashboardID: int(dashboardID),
+		Name:        dashboard.Name,
+		Description: dashboard.Description,
+		IsPublic:    dashboard.IsPublic,
+		IsPinned:    dashboard.IsPinned,
+		Metrics:     dashboard.Metrics,
+	}
+
+	if err := d.add(newDashboard); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Delete implements Dashboards.
+func (d *dashboardsImpl) Delete(projectID int, dashboardID int) error {
+	panic("unimplemented")
+}
+
+// Get implements Dashboards.
+func (d *dashboardsImpl) Get(projectID int, dashboardID int) (*Dashboard, error) {
+	panic("unimplemented")
+}
+
+// Update implements Dashboards.
+func (d *dashboardsImpl) Update(projectID int, dashboardID int, dashboard *Dashboard) error {
+	panic("unimplemented")
+}
+
+func (d *dashboardsImpl) add(dashboard *Dashboard) error {
+	panic("unimplemented")
+}

backend/pkg/analytics/service/timeseries.go

@@ -0,0 +1 @@
+package service

backend/pkg/common/api/auth/auth.go

@@ -0,0 +1,76 @@
+package auth
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/golang-jwt/jwt/v5"
+
+	"openreplay/backend/pkg/db/postgres/pool"
+	"openreplay/backend/pkg/logger"
+)
+
+// Options struct to hold optional JWT column and secret
+type Options struct {
+	JwtColumn string // The JWT column to use (e.g., "jwt_iat" or "spot_jwt_iat")
+	Secret    string // An optional secret; if nil, default secret is used
+}
+
+type Auth interface {
+	IsAuthorized(authHeader string, permissions []string, options Options) (*User, error)
+	Secret() string
+	JWTCol() string
+	ExtraSecret() string
+}
+
+type authImpl struct {
+	log         logger.Logger
+	secret      string
+	extraSecret string
+	pgconn      pool.Pool
+	jwtCol      string
+}
+
+func (a *authImpl) Secret() string {
+	return a.secret
+}
+
+func (a *authImpl) JWTCol() string {
+	return a.jwtCol
+}
+
+func (a *authImpl) ExtraSecret() string {
+	return a.extraSecret
+}
+
+func NewAuth(log logger.Logger, jwtCol string, jwtSecret string, extraSecret string, conn pool.Pool) Auth {
+	return &authImpl{
+		log:         log,
+		secret:      jwtSecret,
+		extraSecret: extraSecret,
+		pgconn:      conn,
+		jwtCol:      jwtCol,
+	}
+}
+
+func parseJWT(authHeader, secret string) (*JWTClaims, error) {
+	if authHeader == "" {
+		return nil, fmt.Errorf("authorization header missing")
+	}
+	tokenParts := strings.Split(authHeader, "Bearer ")
+	if len(tokenParts) != 2 {
+		return nil, fmt.Errorf("invalid authorization header")
+	}
+	tokenString := tokenParts[1]
+
+	claims := &JWTClaims{}
+	token, err := jwt.ParseWithClaims(tokenString, claims,
+		func(token *jwt.Token) (interface{}, error) {
+			return []byte(secret), nil
+		})
+	if err != nil || !token.Valid {
+		fmt.Printf("token err: %v\n", err)
+		return nil, fmt.Errorf("invalid token")
+	}
+	return claims, nil
+}

backend/pkg/common/api/auth/authorizer.go

@@ -0,0 +1,12 @@
+package auth
+
+func (a *authImpl) IsAuthorized(authHeader string, permissions []string, options Options) (*User, error) {
+	jwtCol := options.JwtColumn
+	secret := options.Secret
+
+	jwtInfo, err := parseJWT(authHeader, secret)
+	if err != nil {
+		return nil, err
+	}
+	return authUser(a.pgconn, jwtInfo.UserId, jwtInfo.TenantID, int(jwtInfo.IssuedAt.Unix()), jwtCol)
+}

backend/pkg/common/api/auth/model.go

@@ -0,0 +1,34 @@
+package auth
+
+import "github.com/golang-jwt/jwt/v5"
+
+type JWTClaims struct {
+	UserId   int `json:"userId"`
+	TenantID int `json:"tenantId"`
+	jwt.RegisteredClaims
+}
+
+type User struct {
+	ID          uint64          `json:"id"`
+	Name        string          `json:"name"`
+	Email       string          `json:"email"`
+	TenantID    uint64          `json:"tenantId"`
+	JwtIat      int             `json:"jwtIat"`
+	Permissions map[string]bool `json:"permissions"`
+	AuthMethod  string
+}
+
+func (u *User) HasPermission(perm string) bool {
+	if u.Permissions == nil {
+		return true // no permissions
+	}
+	_, ok := u.Permissions[perm]
+	return ok
+}
+
+func abs(x int) int {
+	if x < 0 {
+		return -x
+	}
+	return x
+}

backend/pkg/common/api/auth/storage.go

@@ -0,0 +1,22 @@
+package auth
+
+import (
+	"fmt"
+	"openreplay/backend/pkg/db/postgres/pool"
+)
+
+func authUser(conn pool.Pool, userID, tenantID, jwtIAT int, jwtCol string) (*User, error) {
+	sql := fmt.Sprintf(`
+		SELECT user_id, name, email, EXTRACT(epoch FROM %s)::BIGINT AS jwt_iat
+	   	FROM public.users
+	   	WHERE user_id = $1 AND deleted_at IS NULL
+	   	LIMIT 1;`, jwtCol)
+	user := &User{TenantID: 1, AuthMethod: "jwt"}
+	if err := conn.QueryRow(sql, userID).Scan(&user.ID, &user.Name, &user.Email, &user.JwtIat); err != nil {
+		return nil, fmt.Errorf("user not found") // TODO should be a proper message with error message
+	}
+	if user.JwtIat == 0 || abs(jwtIAT-user.JwtIat) > 1 {
+		return nil, fmt.Errorf("token has been updated")
+	}
+	return user, nil
+}

backend/pkg/common/api/router.go

@@ -0,0 +1,114 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/gorilla/mux"
+	"io"
+	"net/http"
+	"openreplay/backend/pkg/logger"
+	"sync"
+	"time"
+)
+
+type Router struct {
+	log    logger.Logger
+	router *mux.Router
+	mutex  *sync.RWMutex
+}
+
+func NewRouter(log logger.Logger) *Router {
+	e := &Router{
+		router: mux.NewRouter(),
+		log:    log,
+		mutex:  &sync.RWMutex{},
+	}
+
+	e.router.HandleFunc("/ping", e.ping).Methods("GET")
+	return e
+}
+
+func (e *Router) ping(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusOK)
+}
+
+func (e *Router) GetHandler() http.Handler {
+	return e.router
+}
+
+func (e *Router) GetRouter() *mux.Router {
+	return e.router
+}
+
+func (e *Router) AddRoute(path string, handler http.HandlerFunc, method string) {
+	e.router.HandleFunc(path, handler).Methods(method)
+}
+
+func (e *Router) Use(middleware func(http.Handler) http.Handler) {
+	e.router.Use(middleware)
+}
+
+type CurrentContext struct {
+	UserID int `json:"user_id"`
+}
+
+func (e *Router) getCurrentContext(r *http.Request) *CurrentContext {
+	// retrieving user info from headers or tokens
+	return &CurrentContext{UserID: 1}
+}
+
+func recordMetrics(requestStart time.Time, url string, code, bodySize int) {
+	// TODO: Implement this
+}
+
+func (e *Router) ReadBody(w http.ResponseWriter, r *http.Request, limit int64) ([]byte, error) {
+	body := http.MaxBytesReader(w, r.Body, limit)
+	bodyBytes, err := io.ReadAll(body)
+
+	// Close body
+	if closeErr := body.Close(); closeErr != nil {
+		e.log.Warn(r.Context(), "error while closing request body: %s", closeErr)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return bodyBytes, nil
+}
+
+func (e *Router) ResponseOK(ctx context.Context, w http.ResponseWriter, requestStart time.Time, url string, bodySize int) {
+	w.WriteHeader(http.StatusOK)
+	e.log.Info(ctx, "response ok")
+	recordMetrics(requestStart, url, http.StatusOK, bodySize)
+}
+
+func (e *Router) ResponseWithJSON(ctx context.Context, w http.ResponseWriter, res interface{}, requestStart time.Time, url string, bodySize int) {
+	e.log.Info(ctx, "response ok")
+	body, err := json.Marshal(res)
+	if err != nil {
+		e.log.Error(ctx, "can't marshal response: %s", err)
+	}
+	w.Header().Set("Content-Type", "application/json")
+	_, err = w.Write(body)
+	if err != nil {
+		return
+	}
+	recordMetrics(requestStart, url, http.StatusOK, bodySize)
+}
+
+type response struct {
+	Error string `json:"error"`
+}
+
+func (e *Router) ResponseWithError(ctx context.Context, w http.ResponseWriter, code int, err error, requestStart time.Time, url string, bodySize int) {
+	e.log.Error(ctx, "response error, code: %d, error: %s", code, err)
+	body, err := json.Marshal(&response{err.Error()})
+	if err != nil {
+		e.log.Error(ctx, "can't marshal response: %s", err)
+	}
+	w.WriteHeader(code)
+	_, err = w.Write(body)
+	if err != nil {
+		return
+	}
+	recordMetrics(requestStart, url, code, bodySize)
+}

backend/pkg/common/api/service/user.go

@@ -0,0 +1,3 @@
+package service
+
+var getUserSQL = `SELECT 1, name, email FROM public.users WHERE user_id = $1 AND deleted_at IS NULL LIMIT 1`

backend/pkg/common/builder.go

@@ -0,0 +1,85 @@
+package common
+
+import (
+	"context"
+	"openreplay/backend/internal/config/common"
+	objConfig "openreplay/backend/internal/config/objectstorage"
+	"openreplay/backend/pkg/common/api/auth"
+	"openreplay/backend/pkg/db/postgres/pool"
+	"openreplay/backend/pkg/flakeid"
+	"openreplay/backend/pkg/logger"
+	"openreplay/backend/pkg/objectstorage"
+	"openreplay/backend/pkg/objectstorage/store"
+)
+
+// ServicesBuilder struct to hold service components
+type ServicesBuilder struct {
+	Config      *common.Config
+	Flaker      *flakeid.Flaker
+	ObjStorage  objectstorage.ObjectStorage
+	Auth        auth.Auth
+	Log         logger.Logger
+	Pgconn      pool.Pool
+	workerID    int
+	jwtSecret   string
+	extraSecret string
+}
+
+// NewServiceBuilder initializes the ServicesBuilder with essential components (logger)
+func NewServiceBuilder(log logger.Logger) *ServicesBuilder {
+	return &ServicesBuilder{
+		Log: log,
+	}
+}
+
+// WithFlaker sets the Flaker component
+func (b *ServicesBuilder) WithFlaker(workerID uint16) *ServicesBuilder {
+	b.Flaker = flakeid.NewFlaker(workerID)
+	return b
+}
+
+// WithObjectStorage sets the Object Storage component
+func (b *ServicesBuilder) WithObjectStorage(config *objConfig.ObjectsConfig) *ServicesBuilder {
+	objStore, err := store.NewStore(config)
+	if err != nil {
+		return nil
+	}
+	b.ObjStorage = objStore
+	return b
+}
+
+// WithAuth sets the Auth component
+func (b *ServicesBuilder) WithAuth(jwtSecret string, extraSecret ...string) *ServicesBuilder {
+	b.jwtSecret = jwtSecret
+	if len(extraSecret) > 0 {
+		b.extraSecret = extraSecret[0]
+	}
+	b.Auth = auth.NewAuth(b.Log, "jwt_iat", b.jwtSecret, b.extraSecret, b.Pgconn)
+	return b
+}
+
+// WithDatabase sets the database connection pool
+func (b *ServicesBuilder) WithDatabase(url string) *ServicesBuilder {
+	pgConn, err := pool.New(url)
+	if err != nil {
+		b.Log.Fatal(context.Background(), "can't init postgres connection: %s", err)
+	}
+
+	b.Pgconn = pgConn
+	return b
+}
+
+// WithWorkerID sets the WorkerID for Flaker
+func (b *ServicesBuilder) WithWorkerID(workerID int) *ServicesBuilder {
+	b.workerID = workerID
+	return b
+}
+
+// WithJWTSecret sets the JWT and optional extra secret for Auth
+func (b *ServicesBuilder) WithJWTSecret(jwtSecret string, extraSecret ...string) *ServicesBuilder {
+	b.jwtSecret = jwtSecret
+	if len(extraSecret) > 0 {
+		b.extraSecret = extraSecret[0]
+	}
+	return b
+}

backend/pkg/common/limiter.go

@@ -0,0 +1,88 @@
+package common
+
+import (
+	"sync"
+	"time"
+)
+
+type RateLimiter struct {
+	rate      int
+	burst     int
+	tokens    int
+	lastToken time.Time
+	lastUsed  time.Time
+	mu        sync.Mutex
+}
+
+func NewRateLimiter(rate int, burst int) *RateLimiter {
+	return &RateLimiter{
+		rate:      rate,
+		burst:     burst,
+		tokens:    burst,
+		lastToken: time.Now(),
+		lastUsed:  time.Now(),
+	}
+}
+
+func (rl *RateLimiter) Allow() bool {
+	rl.mu.Lock()
+	defer rl.mu.Unlock()
+
+	now := time.Now()
+	elapsed := now.Sub(rl.lastToken)
+
+	rl.tokens += int(elapsed.Seconds()) * rl.rate
+	if rl.tokens > rl.burst {
+		rl.tokens = rl.burst
+	}
+
+	rl.lastToken = now
+	rl.lastUsed = now
+
+	if rl.tokens > 0 {
+		rl.tokens--
+		return true
+	}
+	return false
+}
+
+type UserRateLimiter struct {
+	rateLimiters    sync.Map
+	rate            int
+	burst           int
+	cleanupInterval time.Duration
+	maxIdleTime     time.Duration
+}
+
+func NewUserRateLimiter(rate int, burst int, cleanupInterval time.Duration, maxIdleTime time.Duration) *UserRateLimiter {
+	url := &UserRateLimiter{
+		rate:            rate,
+		burst:           burst,
+		cleanupInterval: cleanupInterval,
+		maxIdleTime:     maxIdleTime,
+	}
+	go url.cleanup()
+	return url
+}
+
+func (url *UserRateLimiter) GetRateLimiter(user uint64) *RateLimiter {
+	value, _ := url.rateLimiters.LoadOrStore(user, NewRateLimiter(url.rate, url.burst))
+	return value.(*RateLimiter)
+}
+
+func (url *UserRateLimiter) cleanup() {
+	for {
+		time.Sleep(url.cleanupInterval)
+		now := time.Now()
+
+		url.rateLimiters.Range(func(key, value interface{}) bool {
+			rl := value.(*RateLimiter)
+			rl.mu.Lock()
+			if now.Sub(rl.lastUsed) > url.maxIdleTime {
+				url.rateLimiters.Delete(key)
+			}
+			rl.mu.Unlock()
+			return true
+		})
+	}
+}

backend/pkg/common/middleware/http.go

@@ -0,0 +1,170 @@
+package middleware
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"openreplay/backend/pkg/common"
+	"openreplay/backend/pkg/common/api/auth"
+	"openreplay/backend/pkg/logger"
+)
+
+type userData struct{}
+
+func CORS(useAccessControlHeaders bool) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/" {
+				next.ServeHTTP(w, r)
+				return
+			}
+			if useAccessControlHeaders {
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Methods", "POST,GET,PATCH,DELETE")
+				w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Content-Encoding")
+			}
+			if r.Method == http.MethodOptions {
+				w.Header().Set("Cache-Control", "max-age=86400")
+				w.WriteHeader(http.StatusOK)
+				return
+			}
+			//r = r.WithContext(context.WithValue(r.Context(), "httpMethod", r.Method))
+			//r = r.WithContext(context.WithValue(r.Context(), "url", util.SafeString(r.URL.Path)))
+			//r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"httpMethod": r.Method, "url": util.SafeString(r.URL.Path)}))
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// AuthMiddleware function takes dynamic parameters to handle custom authentication logic
+func AuthMiddleware(
+	//services *common.ServicesBuilder, // Injected services (Auth, Keys, etc.)
+	Auth auth.Auth, // Auth interface for authorization
+	log logger.Logger, // Logger for logging events
+	excludedPaths map[string]map[string]bool, // Map of excluded paths with methods
+	getPermissions func(path string) []string,
+	authOptionsSelector func(r *http.Request) *auth.Options, // Function to retrieve permissions for a path
+) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/" {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			// Exclude specific paths and methods from auth
+			if methods, ok := excludedPaths[r.URL.Path]; ok && methods[r.Method] {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			authHeader := r.Header.Get("Authorization")
+			if authHeader == "" {
+				log.Warn(r.Context(), "Authorization header missing")
+				w.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+
+			// Get AuthOptions for the request
+			options := auth.Options{
+				JwtColumn: Auth.JWTCol(), // Default JWT column from ServicesBuilder
+				Secret:    Auth.Secret(), // Default secret from ServicesBuilder
+			}
+
+			if authOptionsSelector != nil {
+				selectorOptions := authOptionsSelector(r)
+				if selectorOptions != nil {
+					// Override defaults with values from selectorOptions
+					if selectorOptions.JwtColumn != "" {
+						options.JwtColumn = selectorOptions.JwtColumn
+					}
+					if selectorOptions.Secret != "" {
+						options.Secret = selectorOptions.Secret
+					}
+				}
+			}
+
+			// Check if this request is authorized
+			//user, err := Auth.IsAuthorized(authHeader, getPermissions(r.URL.Path), options)
+			//if err != nil {
+			//	log.Warn(r.Context(), "Unauthorized request: %s", err)
+			//	w.WriteHeader(http.StatusUnauthorized)
+			//	return
+			//}
+			//
+			//// Add userData to the context for downstream handlers
+			//r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"userData": user}))
+
+			// Call the next handler with the modified request
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// GetUserData Helper function to retrieve userData from the request context
+func GetUserData(r *http.Request) (*auth.User, bool) {
+	user, ok := r.Context().Value(userData{}).(*auth.User)
+	return user, ok
+}
+
+// RateLimit General rate-limiting middleware
+func RateLimit(limiter *common.UserRateLimiter) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/" {
+				next.ServeHTTP(w, r)
+				return
+			}
+			user, ok := GetUserData(r)
+			if !ok {
+				w.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+			rl := limiter.GetRateLimiter(user.ID)
+			if !rl.Allow() {
+				w.WriteHeader(http.StatusTooManyRequests)
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+type statusWriter struct {
+	http.ResponseWriter
+	statusCode int
+}
+
+func (w *statusWriter) WriteHeader(statusCode int) {
+	w.statusCode = statusCode
+	w.ResponseWriter.WriteHeader(statusCode)
+}
+
+func (w *statusWriter) Write(b []byte) (int, error) {
+	if w.statusCode == 0 {
+		w.statusCode = http.StatusOK // Default status code is 200
+	}
+	return w.ResponseWriter.Write(b)
+}
+
+func Action() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/" {
+				next.ServeHTTP(w, r)
+			}
+			// Read body and restore the io.ReadCloser to its original state
+			bodyBytes, err := io.ReadAll(r.Body)
+			if err != nil {
+				http.Error(w, "can't read body", http.StatusBadRequest)
+				return
+			}
+			r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
+			// Use custom response writer to get the status code
+			sw := &statusWriter{ResponseWriter: w}
+			// Serve the request
+			next.ServeHTTP(sw, r)
+			//e.logRequest(r, bodyBytes, sw.statusCode)
+		})
+	}
+}

backend/pkg/spot/api/router.go

@@ -1,28 +1,22 @@
 package api
 
 import (
-	"bytes"
 	"fmt"
-	"io"
 	"net/http"
+	"openreplay/backend/pkg/common"
+	"openreplay/backend/pkg/common/api"
+	"openreplay/backend/pkg/common/middleware"
 	"openreplay/backend/pkg/spot"
-	"openreplay/backend/pkg/spot/auth"
-	"sync"
 	"time"
 
-	"github.com/docker/distribution/context"
-	"github.com/gorilla/mux"
-
 	spotConfig "openreplay/backend/internal/config/spot"
-	"openreplay/backend/internal/http/util"
 	"openreplay/backend/pkg/logger"
 )
 
 type Router struct {
+	*api.Router
 	log      logger.Logger
 	cfg      *spotConfig.Config
-	router   *mux.Router
-	mutex    *sync.RWMutex
 	services *spot.ServicesBuilder
 	limiter  *UserRateLimiter
 }
@@ -37,9 +31,9 @@ func NewRouter(cfg *spotConfig.Config, log logger.Logger, services *spot.Service
 		return nil, fmt.Errorf("logger is empty")
 	}
 	e := &Router{
+		Router:   api.NewRouter(log),
 		log:      log,
 		cfg:      cfg,
-		mutex:    &sync.RWMutex{},
 		services: services,
 		limiter:  NewUserRateLimiter(10, 30, 1*time.Minute, 5*time.Minute),
 	}
@@ -48,166 +42,175 @@ func NewRouter(cfg *spotConfig.Config, log logger.Logger, services *spot.Service
 }
 
 func (e *Router) init() {
-	e.router = mux.NewRouter()
+	//e.router = mux.NewRouter()
-
-	// Root route
-	e.router.HandleFunc("/", e.ping)
 
 	// Spot routes
-	e.router.HandleFunc("/v1/spots", e.createSpot).Methods("POST", "OPTIONS")
+	//e.AddRoute("/v1/spots", e.createSpot, "POST")
-	e.router.HandleFunc("/v1/spots/{id}", e.getSpot).Methods("GET", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}", e.getSpot, "GET")
-	e.router.HandleFunc("/v1/spots/{id}", e.updateSpot).Methods("PATCH", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}", e.updateSpot, "PATCH")
-	e.router.HandleFunc("/v1/spots", e.getSpots).Methods("GET", "OPTIONS")
+	e.AddRoute("/v1/spots", e.getSpots, "GET")
-	e.router.HandleFunc("/v1/spots", e.deleteSpots).Methods("DELETE", "OPTIONS")
+	//e.AddRoute("/v1/spots", e.deleteSpots, "DELETE")
-	e.router.HandleFunc("/v1/spots/{id}/comment", e.addComment).Methods("POST", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/comment", e.addComment, "POST")
-	e.router.HandleFunc("/v1/spots/{id}/uploaded", e.uploadedSpot).Methods("POST", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/uploaded", e.uploadedSpot, "POST")
-	e.router.HandleFunc("/v1/spots/{id}/video", e.getSpotVideo).Methods("GET", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/video", e.getSpotVideo, "GET")
-	e.router.HandleFunc("/v1/spots/{id}/public-key", e.getPublicKey).Methods("GET", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/public-key", e.getPublicKey, "GET")
-	e.router.HandleFunc("/v1/spots/{id}/public-key", e.updatePublicKey).Methods("PATCH", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/public-key", e.updatePublicKey, "PATCH")
-	e.router.HandleFunc("/v1/spots/{id}/status", e.spotStatus).Methods("GET", "OPTIONS")
+	//e.AddRoute("/v1/spots/{id}/status", e.spotStatus, "GET")
-	e.router.HandleFunc("/v1/ping", e.ping).Methods("GET", "OPTIONS")
+	e.AddRoute("/v1/ping", e.ping, "GET")
+
+	excludedPaths := map[string]map[string]bool{
+		//"/v1/ping":  {"GET": true},
+		//"/v1/spots": {"POST": true},
+	}
+
+	authMiddleware := middleware.AuthMiddleware(e.services.Auth, e.log, excludedPaths, getPermissions, nil)
+	limiterMiddleware := middleware.RateLimit(common.NewUserRateLimiter(10, 30, 1*time.Minute, 5*time.Minute))
+	e.Use(middleware.CORS(e.cfg.UseAccessControlHeaders))
+	e.Use(authMiddleware)
+	e.Use(limiterMiddleware)
+	e.Use(middleware.Action())
 
 	// CORS middleware
-	e.router.Use(e.corsMiddleware)
+	//e.router.Use(e.corsMiddleware)
-	e.router.Use(e.authMiddleware)
+	//e.router.Use(e.authMiddleware)
-	e.router.Use(e.rateLimitMiddleware)
+	//e.router.Use(e.rateLimitMiddleware)
-	e.router.Use(e.actionMiddleware)
+	//e.router.Use(e.actionMiddleware)
 }
 
 func (e *Router) ping(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-func (e *Router) corsMiddleware(next http.Handler) http.Handler {
+//func (e *Router) corsMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+//	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/" {
+//		if r.URL.Path == "/" {
-			next.ServeHTTP(w, r)
+//			next.ServeHTTP(w, r)
-		}
+//		}
-		if e.cfg.UseAccessControlHeaders {
+//		if e.cfg.UseAccessControlHeaders {
-			// Prepare headers for preflight requests
+//			// Prepare headers for preflight requests
-			w.Header().Set("Access-Control-Allow-Origin", "*")
+//			w.Header().Set("Access-Control-Allow-Origin", "*")
-			w.Header().Set("Access-Control-Allow-Methods", "POST,GET,PATCH,DELETE")
+//			w.Header().Set("Access-Control-Allow-Methods", "POST,GET,PATCH,DELETE")
-			w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Content-Encoding")
+//			w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Content-Encoding")
-		}
+//		}
-		if r.Method == http.MethodOptions {
+//		if r.Method == http.MethodOptions {
-			w.Header().Set("Cache-Control", "max-age=86400")
+//			w.Header().Set("Cache-Control", "max-age=86400")
-			w.WriteHeader(http.StatusOK)
+//			w.WriteHeader(http.StatusOK)
-			return
+//			return
-		}
+//		}
-		r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"httpMethod": r.Method, "url": util.SafeString(r.URL.Path)}))
+//		r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"httpMethod": r.Method, "url": util.SafeString(r.URL.Path)}))
+//
+//		next.ServeHTTP(w, r)
+//	})
+//}
 
-		next.ServeHTTP(w, r)
+//func (e *Router) authMiddleware(next http.Handler) http.Handler {
-	})
+//	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-}
+//		if r.URL.Path == "/" {
+//			next.ServeHTTP(w, r)
+//		}
+//		isExtension := false
+//		pathTemplate, err := mux.CurrentRoute(r).GetPathTemplate()
+//		if err != nil {
+//			e.log.Error(r.Context(), "failed to get path template: %s", err)
+//		} else {
+//			if pathTemplate == "/v1/ping" ||
+//				(pathTemplate == "/v1/spots" && r.Method == "POST") ||
+//				(pathTemplate == "/v1/spots/{id}/uploaded" && r.Method == "POST") {
+//				isExtension = true
+//			}
+//		}
+//
+//		// Check if the request is authorized
+//		user, err := e.services.Auth.IsAuthorized(r.Header.Get("Authorization"), getPermissions(r.URL.Path), isExtension)
+//		if err != nil {
+//			e.log.Warn(r.Context(), "Unauthorized request: %s", err)
+//			if !isSpotWithKeyRequest(r) {
+//				w.WriteHeader(http.StatusUnauthorized)
+//				return
+//			}
+//
+//			user, err = e.services.Keys.IsValid(r.URL.Query().Get("key"))
+//			if err != nil {
+//				e.log.Warn(r.Context(), "Wrong public key: %s", err)
+//				w.WriteHeader(http.StatusUnauthorized)
+//				return
+//			}
+//		}
+//
+//		r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"userData": user}))
+//		next.ServeHTTP(w, r)
+//	})
+//}
 
-func (e *Router) authMiddleware(next http.Handler) http.Handler {
+//func isSpotWithKeyRequest(r *http.Request) bool {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+//	pathTemplate, err := mux.CurrentRoute(r).GetPathTemplate()
-		if r.URL.Path == "/" {
+//	if err != nil {
-			next.ServeHTTP(w, r)
+//		return false
-		}
+//	}
-		isExtension := false
+//	getSpotPrefix := "/v1/spots/{id}"            // GET
-		pathTemplate, err := mux.CurrentRoute(r).GetPathTemplate()
+//	addCommentPrefix := "/v1/spots/{id}/comment" // POST
-		if err != nil {
+//	getStatusPrefix := "/v1/spots/{id}/status"   // GET
-			e.log.Error(r.Context(), "failed to get path template: %s", err)
+//	if (pathTemplate == getSpotPrefix && r.Method == "GET") ||
-		} else {
+//		(pathTemplate == addCommentPrefix && r.Method == "POST") ||
-			if pathTemplate == "/v1/ping" ||
+//		(pathTemplate == getStatusPrefix && r.Method == "GET") {
-				(pathTemplate == "/v1/spots" && r.Method == "POST") ||
+//		return true
-				(pathTemplate == "/v1/spots/{id}/uploaded" && r.Method == "POST") {
+//	}
-				isExtension = true
+//	return false
-			}
+//}
-		}
 
-		// Check if the request is authorized
+//func (e *Router) rateLimitMiddleware(next http.Handler) http.Handler {
-		user, err := e.services.Auth.IsAuthorized(r.Header.Get("Authorization"), getPermissions(r.URL.Path), isExtension)
+//	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if err != nil {
+//		if r.URL.Path == "/" {
-			e.log.Warn(r.Context(), "Unauthorized request: %s", err)
+//			next.ServeHTTP(w, r)
-			if !isSpotWithKeyRequest(r) {
+//		}
-				w.WriteHeader(http.StatusUnauthorized)
+//		user := r.Context().Value("userData").(*auth.User)
-				return
+//		rl := e.limiter.GetRateLimiter(user.ID)
-			}
+//
+//		if !rl.Allow() {
+//			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
+//			return
+//		}
+//		next.ServeHTTP(w, r)
+//	})
+//}
 
-			user, err = e.services.Keys.IsValid(r.URL.Query().Get("key"))
+//type statusWriter struct {
-			if err != nil {
+//	http.ResponseWriter
-				e.log.Warn(r.Context(), "Wrong public key: %s", err)
+//	statusCode int
-				w.WriteHeader(http.StatusUnauthorized)
+//}
-				return
+//
-			}
+//func (w *statusWriter) WriteHeader(statusCode int) {
-		}
+//	w.statusCode = statusCode
+//	w.ResponseWriter.WriteHeader(statusCode)
+//}
+//
+//func (w *statusWriter) Write(b []byte) (int, error) {
+//	if w.statusCode == 0 {
+//		w.statusCode = http.StatusOK // Default status code is 200
+//	}
+//	return w.ResponseWriter.Write(b)
+//}
 
-		r = r.WithContext(context.WithValues(r.Context(), map[string]interface{}{"userData": user}))
+//func (e *Router) actionMiddleware(next http.Handler) http.Handler {
-		next.ServeHTTP(w, r)
+//	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	})
+//		if r.URL.Path == "/" {
-}
+//			next.ServeHTTP(w, r)
+//		}
+//		// Read body and restore the io.ReadCloser to its original state
+//		bodyBytes, err := io.ReadAll(r.Body)
+//		if err != nil {
+//			http.Error(w, "can't read body", http.StatusBadRequest)
+//			return
+//		}
+//		r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
+//		// Use custom response writer to get the status code
+//		sw := &statusWriter{ResponseWriter: w}
+//		// Serve the request
+//		next.ServeHTTP(sw, r)
+//		e.logRequest(r, bodyBytes, sw.statusCode)
+//	})
+//}
 
-func isSpotWithKeyRequest(r *http.Request) bool {
+//func (e *Router) GetHandler() http.Handler {
-	pathTemplate, err := mux.CurrentRoute(r).GetPathTemplate()
+//	return e.router
-	if err != nil {
+//}
-		return false
-	}
-	getSpotPrefix := "/v1/spots/{id}"            // GET
-	addCommentPrefix := "/v1/spots/{id}/comment" // POST
-	getStatusPrefix := "/v1/spots/{id}/status"   // GET
-	if (pathTemplate == getSpotPrefix && r.Method == "GET") ||
-		(pathTemplate == addCommentPrefix && r.Method == "POST") ||
-		(pathTemplate == getStatusPrefix && r.Method == "GET") {
-		return true
-	}
-	return false
-}
-
-func (e *Router) rateLimitMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/" {
-			next.ServeHTTP(w, r)
-		}
-		user := r.Context().Value("userData").(*auth.User)
-		rl := e.limiter.GetRateLimiter(user.ID)
-
-		if !rl.Allow() {
-			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
-			return
-		}
-		next.ServeHTTP(w, r)
-	})
-}
-
-type statusWriter struct {
-	http.ResponseWriter
-	statusCode int
-}
-
-func (w *statusWriter) WriteHeader(statusCode int) {
-	w.statusCode = statusCode
-	w.ResponseWriter.WriteHeader(statusCode)
-}
-
-func (w *statusWriter) Write(b []byte) (int, error) {
-	if w.statusCode == 0 {
-		w.statusCode = http.StatusOK // Default status code is 200
-	}
-	return w.ResponseWriter.Write(b)
-}
-
-func (e *Router) actionMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/" {
-			next.ServeHTTP(w, r)
-		}
-		// Read body and restore the io.ReadCloser to its original state
-		bodyBytes, err := io.ReadAll(r.Body)
-		if err != nil {
-			http.Error(w, "can't read body", http.StatusBadRequest)
-			return
-		}
-		r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-		// Use custom response writer to get the status code
-		sw := &statusWriter{ResponseWriter: w}
-		// Serve the request
-		next.ServeHTTP(sw, r)
-		e.logRequest(r, bodyBytes, sw.statusCode)
-	})
-}
-
-func (e *Router) GetHandler() http.Handler {
-	return e.router
-}

backend/pkg/spot/builder.go

@@ -2,38 +2,35 @@ package spot
 
 import (
 	"openreplay/backend/internal/config/spot"
-	"openreplay/backend/pkg/db/postgres/pool"
+	"openreplay/backend/pkg/common"
-	"openreplay/backend/pkg/flakeid"
 	"openreplay/backend/pkg/logger"
-	"openreplay/backend/pkg/objectstorage"
-	"openreplay/backend/pkg/objectstorage/store"
-	"openreplay/backend/pkg/spot/auth"
 	"openreplay/backend/pkg/spot/service"
 	"openreplay/backend/pkg/spot/transcoder"
 )
 
 type ServicesBuilder struct {
-	Flaker     *flakeid.Flaker
+	*common.ServicesBuilder
-	ObjStorage objectstorage.ObjectStorage
-	Auth       auth.Auth
 	Spots      service.Spots
 	Keys       service.Keys
 	Transcoder transcoder.Transcoder
+	cfg        *spot.Config
 }
 
-func NewServiceBuilder(log logger.Logger, cfg *spot.Config, pgconn pool.Pool) (*ServicesBuilder, error) {
+func NewServiceBuilder(log logger.Logger, cfg *spot.Config) (*ServicesBuilder, error) {
-	objStore, err := store.NewStore(&cfg.ObjectsConfig)
+	builder := common.NewServiceBuilder(log).
-	if err != nil {
+		WithDatabase(cfg.Postgres.String()).
-		return nil, err
+		WithAuth(cfg.JWTSecret, cfg.JWTSpotSecret).
-	}
+		WithObjectStorage(&cfg.ObjectsConfig)
-	flaker := flakeid.NewFlaker(cfg.WorkerID)
+
-	spots := service.NewSpots(log, pgconn, flaker)
+	keys := service.NewKeys(log, builder.Pgconn)
+	spots := service.NewSpots(log, builder.Pgconn, builder.Flaker)
+	tc := transcoder.NewTranscoder(cfg, log, builder.ObjStorage, builder.Pgconn, spots)
+
 	return &ServicesBuilder{
-		Flaker:     flaker,
+		ServicesBuilder: builder,
-		ObjStorage: objStore,
+		Spots:           spots,
-		Auth:       auth.NewAuth(log, cfg.JWTSecret, cfg.JWTSpotSecret, pgconn),
+		Keys:            keys,
-		Spots:      spots,
+		Transcoder:      tc,
-		Keys:       service.NewKeys(log, pgconn),
+		cfg:             cfg,
-		Transcoder: transcoder.NewTranscoder(cfg, log, objStore, pgconn, spots),
 	}, nil
 }