dev day #79

internal/middleware/request_validation.go

@@ -1,12 +1,11 @@
 package middleware
 
 import (
-	"bytes"
-	"io"
 	"net/http"
 	"strings"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 )
 
 // RequestSizeLimit limits the size of request bodies
@@ -39,14 +38,15 @@ func ValidateContentType() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		if c.Request.Method == "POST" || c.Request.Method == "PUT" || c.Request.Method == "PATCH" {
 			contentType := c.GetHeader("Content-Type")
-			
-			// Allow multipart for file uploads
-			if strings.Contains(c.Request.URL.Path, "/upload") {
+			path := c.Request.URL.Path
+
+			// Allow multipart for uploads and image processing crop upload
+			if strings.Contains(path, "/upload") || strings.Contains(path, "/image-processing/crop-upload") {
 				c.Next()
 				return
 			}
 
-			// Require JSON for API endpoints
+			// Require JSON for other API endpoints
 			if !strings.Contains(contentType, "application/json") {
 				c.JSON(http.StatusUnsupportedMediaType, gin.H{
 					"error": "Content-Type must be application/json",
@@ -75,10 +75,17 @@ func RequestID() gin.HandlerFunc {
 }
 
 func generateRequestID() string {
-	// Simple request ID generation
-	b := make([]byte, 16)
-	_, _ = io.ReadFull(bytes.NewReader([]byte(strings.Repeat("0123456789abcdef", 2))), b)
-	return string(b)
+	return uuid.New().String()
+}
+
+// GetRequestID retrieves the request ID from context
+func GetRequestID(c *gin.Context) string {
+	if id, exists := c.Get("request_id"); exists {
+		if requestID, ok := id.(string); ok {
+			return requestID
+		}
+	}
+	return ""
 }
 
 // SecurityAuditLog logs security-relevant events