--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/middleware/dbconn.go	Fri Mar 15 16:45:34 2019 +0100
@@ -0,0 +1,61 @@
+// This is Free Software under GNU Affero General Public License v >= 3.0
+// without warranty, see README.md and license for details.
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// License-Filename: LICENSES/AGPL-3.0.txt
+//
+// Copyright (C) 2019 by via donau
+//   – Österreichische Wasserstraßen-Gesellschaft mbH
+// Software engineering by Intevation GmbH
+//
+// Author(s):
+//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>
+
+package middleware
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"log"
+	"net/http"
+
+	"gemma.intevation.de/gemma/pkg/auth"
+)
+
+type wrapDBKeyType int
+
+const wrapDBKey wrapDBKeyType = 0
+
+func GetDBConn(req *http.Request) *sql.Conn {
+	if conn, ok := req.Context().Value(wrapDBKey).(*sql.Conn); ok {
+		return conn
+	}
+	return nil
+}
+
+func DBConn(next http.Handler) http.Handler {
+
+	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		token, ok := auth.GetToken(req)
+		if !ok {
+			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		session := auth.Sessions.Session(token)
+		if session == nil {
+			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		parent := req.Context()
+		if err := auth.RunAs(parent, session.User, func(conn *sql.Conn) error {
+			ctx := context.WithValue(parent, wrapDBKey, conn)
+			req = req.WithContext(ctx)
+			next.ServeHTTP(rw, req)
+			return nil
+		}); err != nil {
+			log.Printf("error: %v\n", err)
+			http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError)
+		}
+	})
+}