jhot
/
hats
1
0
Fork 0
Code Actions

Split header by space

main
Jordan Hotmann 2023-11-17 11:56:22 -07:00
parent f46fa6bacd
commit 21b45b4255
No known key found for this signature in database
GPG Key ID: 01B504170C2A2EA3
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/api/api.go
View File

@ -99,18 +99,15 @@ func tokenAuthMiddleware(next http.Handler) http.Handler {
return return
} }
authHeaderParts := strings.Split(r.Header.Get("Authorization"), "") logger.Debug("Checking bearer token")
switch { authHeaderParts := strings.Split(r.Header.Get("Authorization"), " ")
case len(authHeaderParts) != 2: if len(authHeaderParts) != 2 || authHeaderParts[0] != "Bearer" || authHeaderParts[1] != cfg.HatsToken {
case authHeaderParts[0] != "Bearer":
case authHeaderParts[1] != cfg.HatsToken:
logger.Warn("Unauthorized request", "method", r.Method, "path", r.URL.Path, "address", r.RemoteAddr) logger.Warn("Unauthorized request", "method", r.Method, "path", r.URL.Path, "address", r.RemoteAddr)
http.Error(w, "Bearer authorization header doesn't match configured token", http.StatusUnauthorized) http.Error(w, "Bearer authorization header doesn't match configured token", http.StatusUnauthorized)
return return
default: }
logger.Debug("Token valid") logger.Debug("Token valid")
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}
}) })
} }