feat(api): add apikey support (#408)

* feat(api): add apikey support * feat(web): api settings crud
2025-07-23 00:39:13 +00:00 · 2022-08-15 11:58:13 +02:00 · 2022-08-15 11:58:13 +02:00 · fa20978d58
commit fa20978d58
parent 9c036033e9
31 changed files with 834 additions and 70 deletions
--- a/internal/http/middleware.go
+++ b/internal/http/middleware.go
@ -4,14 +4,30 @@ import "net/http"

 func (s Server) IsAuthenticated(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// check session
-		session, _ := s.cookieStore.Get(r, "user_session")
+		if token := r.Header.Get("X-API-Token"); token != "" {
+			// check header
+			if !s.apiService.ValidateAPIKey(r.Context(), token) {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+				return
+			}

-		// Check if user is authenticated
-		if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
-			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-			return
+		} else if key := r.URL.Query().Get("apikey"); key != "" {
+			// check query param lke ?apikey=TOKEN
+			if !s.apiService.ValidateAPIKey(r.Context(), key) {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+				return
+			}
+		} else {
+			// check session
+			session, _ := s.cookieStore.Get(r, "user_session")
+
+			// Check if user is authenticated
+			if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+				return
+			}
 		}
+
 		next.ServeHTTP(w, r)
 	})
 }