From d0e52760d90af818f2eb13d8488b957b5e0e8612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Z=C3=ADpek?=
Date: Sun, 21 Aug 2022 22:48:18 +0200
Subject: [PATCH] Expect bearer prefix in authorization header

---
 server/config/config.go | 4 +++-
 server/middleware/auth.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/config/config.go b/server/config/config.go
index acfbace..f96e55c 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -29,8 +29,10 @@ func LoadConfig() *Config {
 Ip: os.Getenv("BIND_IP"),
 AuthUsername: os.Getenv("AUTH_USERNAME"),
 AuthPassword: os.Getenv("AUTH_PASSWORD"),
- AuthKey: os.Getenv("SENSOR_AUTH_KEY"),
+ AuthKey: os.Getenv("AUTH_KEY"),
 }
 
+ // TODO: Crash when any auth* param is empty
+
 return &config
 }
diff --git a/server/middleware/auth.go b/server/middleware/auth.go
index 89dd8bf..3e164e0 100644
--- a/server/middleware/auth.go
+++ b/server/middleware/auth.go
@@ -22,8 +22,10 @@ func LoginAuthMiddleware(server *app.Server) gin.HandlerFunc {
 }
 
 func KeyAuthMiddleware(server *app.Server) gin.HandlerFunc {
+ keyWithBearer := "Bearer " + server.Config.AuthKey
+
 return func(c *gin.Context) {
- if c.GetHeader("authorization") != server.Config.AuthKey {
+ if c.GetHeader("authorization") != keyWithBearer {
 c.AbortWithStatus(http.StatusUnauthorized)
 return
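Review bot: In server/config/config.go, `LoadConfig` still returns a config whose `AuthKey` may be empty, and the added `// TODO: Crash when any auth* param is empty` defers that check in the same commit that renames the variable from `SENSOR_AUTH_KEY` to `AUTH_KEY`. A deployment that still exports only the old name would start normally with an empty key, and `KeyAuthMiddleware` in server/middleware/auth.go would then compare the header against the fixed string `"Bearer "`, which is not a secret. I would replace the TODO with a fail-fast check before `return &config`, for example `if config.AuthUsername == "" || config.AuthPassword == "" || config.AuthKey == "" { log.Fatal("AUTH_USERNAME, AUTH_PASSWORD and AUTH_KEY must be set") }`, assuming `log` is or can be imported in this file. `LoadConfig` begins above the hunk, so the declaration of `config` is not visible here.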