From 7ac7382719ac548f0fdaa67346462583a97992d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Cluseau?= <mcluseau@isi.nc>
Date: Thu, 24 Jan 2019 11:40:23 +1300
Subject: [PATCH] chore

---
 cmd/dkl-local-server/auth.go | 36 ++++++++++++++++++++++++++++++++++++
 cmd/dkl-local-server/http.go | 27 ---------------------------
 2 files changed, 36 insertions(+), 27 deletions(-)
 create mode 100644 cmd/dkl-local-server/auth.go

diff --git a/cmd/dkl-local-server/auth.go b/cmd/dkl-local-server/auth.go
new file mode 100644
index 0000000..d42e9ea
--- /dev/null
+++ b/cmd/dkl-local-server/auth.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net/http"
+)
+
+var (
+	hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)")
+	adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)")
+)
+
+func authorizeHosts(r *http.Request) bool {
+	return authorizeToken(r, *hostsToken)
+}
+
+func authorizeAdmin(r *http.Request) bool {
+	return authorizeToken(r, *adminToken)
+}
+
+func authorizeToken(r *http.Request, token string) bool {
+	if token == "" {
+		// access is open
+		return true
+	}
+
+	reqToken := r.Header.Get("Authorization")
+
+	return reqToken == "Bearer "+token
+}
+
+func forbidden(w http.ResponseWriter, r *http.Request) {
+	log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr)
+	http.Error(w, "Forbidden", http.StatusForbidden)
+}
diff --git a/cmd/dkl-local-server/http.go b/cmd/dkl-local-server/http.go
index 8dea7b0..7bad9e3 100644
--- a/cmd/dkl-local-server/http.go
+++ b/cmd/dkl-local-server/http.go
@@ -19,38 +19,11 @@ import (
 )
 
 var (
-	hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)")
-	adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)")
-
 	reHost = regexp.MustCompile("^/hosts/([^/]+)/([^/]+)$")
 
 	trustXFF = flag.Bool("trust-xff", true, "Trust the X-Forwarded-For header")
 )
 
-func authorizeHosts(r *http.Request) bool {
-	return authorizeToken(r, *hostsToken)
-}
-
-func authorizeAdmin(r *http.Request) bool {
-	return authorizeToken(r, *adminToken)
-}
-
-func authorizeToken(r *http.Request, token string) bool {
-	if token == "" {
-		// access is open
-		return true
-	}
-
-	reqToken := r.Header.Get("Authorization")
-
-	return reqToken == "Bearer "+token
-}
-
-func forbidden(w http.ResponseWriter, r *http.Request) {
-	log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr)
-	http.Error(w, "Forbidden", http.StatusForbidden)
-}
-
 func serveHostByIP(w http.ResponseWriter, r *http.Request) {
 	host, cfg := hostByIP(w, r)
 	if host == nil {