From 541e74c7dff1105c4befd6ba5a79eff1357b4f00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Cluseau?= <mikael.cluseau@gmail.com>
Date: Fri, 2 Oct 2020 06:40:57 +0200
Subject: [PATCH] auth..

---
 cmd/dkl-store-upload/main.go | 1 +
 cmd/dkl-store/main.go        | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/cmd/dkl-store-upload/main.go b/cmd/dkl-store-upload/main.go
index f6ddf6c..a631eb5 100644
--- a/cmd/dkl-store-upload/main.go
+++ b/cmd/dkl-store-upload/main.go
@@ -62,6 +62,7 @@ func main() {
 	req, err := http.NewRequest("POST", outURL, in)
 	fail(err)
 
+	req.Header.Set("Authorization", "Bearer "+*token)
 	req.Header.Set("X-Content-SHA1", sha1Hex)
 
 	log.Print("uploading...")
diff --git a/cmd/dkl-store/main.go b/cmd/dkl-store/main.go
index b7c9242..4bcac06 100644
--- a/cmd/dkl-store/main.go
+++ b/cmd/dkl-store/main.go
@@ -58,6 +58,11 @@ func handleHTTP(w http.ResponseWriter, req *http.Request) {
 		http.ServeFile(w, req, filePath)
 
 	case "POST":
+		if req.Header.Get("Authorization") != ("Bearer " + *uploadToken) {
+			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			return
+		}
+
 		tmpOut := filepath.Join(filepath.Dir(filePath), "."+filepath.Base(filePath))
 
 		if err := os.MkdirAll(filepath.Dir(filePath), 0755); err != nil {