jhot
/
hats
1
0
Fork 0
Code Actions

Logging for token auth

main
Jordan Hotmann 2023-11-17 11:52:09 -07:00
parent 68b7443de9
commit f46fa6bacd
No known key found for this signature in database
GPG Key ID: 01B504170C2A2EA3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/api/api.go
View File

@ -94,6 +94,7 @@ func Close() {
func tokenAuthMiddleware(next http.Handler) http.Handler { func tokenAuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if cfg.HatsToken == "" { // No token required if cfg.HatsToken == "" { // No token required
logger.Debug("Skipping token auth")
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
return return
} }
@ -103,9 +104,11 @@ func tokenAuthMiddleware(next http.Handler) http.Handler {
case len(authHeaderParts) != 2: case len(authHeaderParts) != 2:
case authHeaderParts[0] != "Bearer": case authHeaderParts[0] != "Bearer":
case authHeaderParts[1] != cfg.HatsToken: case authHeaderParts[1] != cfg.HatsToken:
logger.Warn("Unauthorized request", "method", r.Method, "path", r.URL.Path, "address", r.RemoteAddr)
http.Error(w, "Bearer authorization header doesn't match configured token", http.StatusUnauthorized) http.Error(w, "Bearer authorization header doesn't match configured token", http.StatusUnauthorized)
return return
default: default:
logger.Debug("Token valid")
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
} }
}) })