feat: protect post route with MARKA_API_KEY
Some checks failed
Build and Push Server / build-and-push (push) Has been cancelled
Some checks failed
Build and Push Server / build-and-push (push) Has been cancelled
This commit is contained in:
Max Richter
@@ -14,6 +14,7 @@ import (
|
||||
|
||||
type Handler struct {
|
||||
adapter adapters.FileAdapter
|
||||
apiKey string
|
||||
}
|
||||
|
||||
func (h *Handler) get(w http.ResponseWriter, target string) {
|
||||
@@ -49,6 +50,16 @@ func (h *Handler) get(w http.ResponseWriter, target string) {
|
||||
}
|
||||
|
||||
func (h *Handler) post(w http.ResponseWriter, r *http.Request, target string) {
|
||||
if h.apiKey != "" {
|
||||
if r.Header.Get("Authentication") != h.apiKey {
|
||||
writeError(w, http.StatusUnauthorized, errors.New("invalid api key"))
|
||||
return
|
||||
}
|
||||
} else {
|
||||
writeError(w, http.StatusUnauthorized, errors.New("invalid api key"))
|
||||
return
|
||||
}
|
||||
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
writeError(w, http.StatusBadRequest, err)
|
||||
@@ -97,8 +108,9 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
func NewHandler(adapter adapters.FileAdapter) http.Handler {
|
||||
func NewHandler(adapter adapters.FileAdapter, apiKey string) http.Handler {
|
||||
return &Handler{
|
||||
adapter: adapter,
|
||||
apiKey: apiKey,
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user