downloads API, UI

2023-02-07 21:29:19 +01:00
parent e44303eab9
commit b6c714fac7
32 changed files with 17675 additions and 5 deletions
--- a/cmd/dkl-local-server/auth.go
+++ b/cmd/dkl-local-server/auth.go
@ -26,11 +26,32 @@ func authorizeToken(r *http.Request, token string) bool {
 	}

 	reqToken := r.Header.Get("Authorization")
+	if reqToken != "" {
+		return reqToken == "Bearer "+token
+	}

-	return reqToken == "Bearer "+token
+	return r.URL.Query().Get("token") == token
 }

 func forbidden(w http.ResponseWriter, r *http.Request) {
 	log.Printf("denied access to %s from %s", r.RequestURI, r.RemoteAddr)
 	http.Error(w, "Forbidden", http.StatusForbidden)
 }
+
+func requireToken(token string, handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		if !authorizeToken(req, token) {
+			forbidden(w, req)
+			return
+		}
+		handler.ServeHTTP(w, req)
+	})
+}
+
+func requireAdmin(handler http.Handler) http.Handler {
+	return requireToken(*adminToken, handler)
+}
+
+func requireHosts(handler http.Handler) http.Handler {
+	return requireToken(*hostsToken, handler)
+}