package auth
import (
"log"
"net/http"
"strings"
"tomatentum.net/svg-templater/internal/database"
)
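// AuthMiddleware wraps next so that it only runs for requests whose
// Authorization header passes validateAuthHeader.
//
// Outcomes:
//   - validateAuthHeader returns an error: respond 500 and do not call next
//     (the middleware fails closed when the token lookup is unavailable);
//   - the header is missing or the token is rejected: respond 401 with a
//     "WWW-Authenticate: Bearer" challenge;
//   - otherwise the request is handed to next unchanged.
func AuthMiddleware(next http.Handler) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		valid, err := validateAuthHeader(r)
		if err != nil {
			// Log the underlying error plus non-sensitive request metadata only.
			// Printing the whole *http.Request would write every header,
			// including the Authorization bearer token, into the log. %q keeps
			// control characters in the path from forging log lines.
			log.Printf("Database query for token validation failed: %s %q: %v", r.Method, r.URL.Path, err)
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			return
		}

		if !valid {
			// Tell the client which authentication scheme is expected.
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}

		next.ServeHTTP(w, r)
	})
}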
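// validateAuthHeader reports whether the request carries an acceptable token
// in the form "Authorization: Bearer <token>".
//
// The scheme name is compared case-insensitively. A missing header, a scheme
// other than Bearer, an empty token, or extra fields after the token all yield
// (false, nil) without a token lookup, so credentials sent under another
// scheme (for example Basic) are never passed on as a bearer token.
//
// For a well-formed header the result of database.ValidateTokenCache is
// returned as is; a non-nil error means the lookup itself failed and must not
// be read as "token invalid".
func validateAuthHeader(r *http.Request) (bool, error) {
	// Fields splits on any run of whitespace, so every field is non-empty and
	// exactly two fields means "<scheme> <token>" with nothing trailing.
	fields := strings.Fields(r.Header.Get("Authorization"))
	if len(fields) != 2 || !strings.EqualFold(fields[0], "Bearer") {
		return false, nil
	}

	return database.ValidateTokenCache(fields[1])
}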