authorLeonardo Bishop <me@leonardobishop.net>2025-07-16 19:25:52 +0100
committerLeonardo Bishop <me@leonardobishop.net>2025-07-16 19:25:52 +0100
commitdbb0d382deaafd3519c9b4ab7583cf58884897e8 (patch)
treee3b0bc551b5b0a744a4a00d26b6ee2d48e600b85 /api/handler/site.go
parent3af8911d46913b8e47c2bf18536a1ec4b7c21596 (diff)
Add api auth
Diffstat (limited to 'api/handler/site.go')
-rw-r--r--api/handler/site.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/api/handler/site.go b/api/handler/site.go
index 0a2ac85..abdc0de 100644
--- a/api/handler/site.go
+++ b/api/handler/site.go
@@ -1,8 +1,10 @@
package handler
import (
+ "crypto/subtle"
"fmt"
"net/http"
+ "strings"
"github.com/LMBishop/scrapbook/pkg/config"
"github.com/LMBishop/scrapbook/pkg/index"
@@ -11,6 +13,13 @@ import (
func UploadSiteVersion(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
+ token := strings.TrimPrefix("Bearer ", r.Header.Get("Authorization"))
+
+ if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
+
site := r.PathValue("site")
reader, err := r.MultipartReader()
if err != nil {
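Review bot: The arguments to `strings.TrimPrefix` are reversed on the added `token :=` line: it trims the header value off the literal "Bearer " instead of the other way round, so `token` is derived from the literal and a request carrying the correct secret is still rejected with 403. It should read `token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`. Even with that fixed, TrimPrefix returns the header unchanged when the scheme is missing, so a bare secret without "Bearer " would be accepted; `token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")` with a rejection when `!ok` makes the scheme mandatory. A handler test that sends a valid token and expects the upload path to be reached would have caught this. The handler closure continues past the end of the hunk.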