Remove ADMIN_TOKEN, add username check
This commit is contained in:
nak
parent
b63eb08aa3
commit
087534ce23
1 changed files with 7 additions and 10 deletions
17
main.go
17
main.go
|
|
@ -25,7 +25,6 @@ var ctx = context.Background()
|
|||
var domainAdminUser string
|
||||
var domainAdminPass string
|
||||
var hmacSecret []byte
|
||||
var adminToken string
|
||||
var pokerManager *poker.Manager
|
||||
|
||||
// Shape definitions: name -> face count -> price (100 * faces)
|
||||
|
|
@ -84,12 +83,6 @@ func main() {
|
|||
}
|
||||
log.Println("Connected to Redis")
|
||||
|
||||
// Admin token for poker admin UI
|
||||
adminToken = os.Getenv("ADMIN_TOKEN")
|
||||
if adminToken == "" {
|
||||
log.Fatal("ADMIN_TOKEN environment variable must be set")
|
||||
}
|
||||
|
||||
// Poker manager
|
||||
pokerManager = poker.NewManager(rdb, ctx)
|
||||
pokerManager.ValidateToken = validateToken
|
||||
|
|
@ -485,14 +478,18 @@ func adjustBalance(username string, delta int64) (int64, error) {
|
|||
return int64(newBalance), err
|
||||
}
|
||||
|
||||
// adminAuthMiddleware checks the Authorization header against ADMIN_TOKEN.
|
||||
func adminAuthMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
auth := r.Header.Get("Authorization")
|
||||
if !strings.HasPrefix(auth, "Bearer ") || strings.TrimPrefix(auth, "Bearer ") != adminToken {
|
||||
username, err := validateToken(r)
|
||||
if err != nil {
|
||||
http.Error(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
if username != "nak" {
|
||||
http.Error(w, "forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
next(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue