kamen
/
graphicek
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expect bearer prefix in authorization header

This commit is contained in:
Jan Zípek 2022-08-21 22:48:18 +02:00
parent f330279e05
commit d0e52760d9
Signed by: kamen
GPG Key ID: A17882625B33AC31
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/config/config.go
View File

@ -29,8 +29,10 @@ func LoadConfig() *Config {
Ip: os.Getenv("BIND_IP"), Ip: os.Getenv("BIND_IP"),
AuthUsername: os.Getenv("AUTH_USERNAME"), AuthUsername: os.Getenv("AUTH_USERNAME"),
AuthPassword: os.Getenv("AUTH_PASSWORD"), AuthPassword: os.Getenv("AUTH_PASSWORD"),
AuthKey: os.Getenv("SENSOR_AUTH_KEY"), AuthKey: os.Getenv("AUTH_KEY"),
} }
// TODO: Crash when any auth* param is empty
return &config return &config
} }

4
server/middleware/auth.go
View File

@ -22,8 +22,10 @@ func LoginAuthMiddleware(server *app.Server) gin.HandlerFunc {
} }
func KeyAuthMiddleware(server *app.Server) gin.HandlerFunc { func KeyAuthMiddleware(server *app.Server) gin.HandlerFunc {
keyWithBearer := "Bearer " + server.Config.AuthKey
return func(c *gin.Context) { return func(c *gin.Context) {
if c.GetHeader("authorization") != server.Config.AuthKey { if c.GetHeader("authorization") != keyWithBearer {
c.AbortWithStatus(http.StatusUnauthorized) c.AbortWithStatus(http.StatusUnauthorized)
return return