| -rw-r--r-- | api/handler/site.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/api/handler/site.go b/api/handler/site.go
index 0a2ac85..abdc0de 100644
--- a/api/handler/site.go
+++ b/api/handler/site.go
@@ -1,8 +1,10 @@
 package handler
 import (
+ "crypto/subtle"
 "fmt"
 "net/http"
+ "strings"
 "github.com/LMBishop/scrapbook/pkg/config"
 "github.com/LMBishop/scrapbook/pkg/index"
@@ -11,6 +13,13 @@ import (
 func UploadSiteVersion(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
+ token := strings.TrimPrefix("Bearer ", r.Header.Get("Authorization"))
+
+ if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
+
 site := r.PathValue("site")
 reader, err := r.MultipartReader()
 if err != nil {
|
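Review bot: The arguments to `strings.TrimPrefix` in the added `token :=` line are reversed: the function takes the string first and the prefix second, so as written it trims the header value off the literal "Bearer " and `token` never holds what the client sent. A normally configured secret can therefore never match and every upload is answered with 403, while the comparison could only succeed for a secret that happens to be a suffix of "Bearer ". The line should read `token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`. Using `strings.CutPrefix` and rejecting the request when the prefix is absent would additionally stop a bare secret sent without the Bearer scheme from being accepted. The handler closure continues past the end of the hunk, so whether later code reads the header again cannot be seen from here.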
