implement admin key authentication and refactor API key handling

2026-03-17 16:13:48 +01:00
parent 8097be88a6
commit c61afa45c7
6 changed files with 87 additions and 53 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -6,9 +6,10 @@ import (
 )

 type Config struct {
-	Port    string
-	DSN     string
-	APIKeys []string
+	Port     string
+	DSN      string
+	APIKey   string
+	AdminKey string
 }

 func Load() *Config {
@@ -17,18 +18,30 @@ func Load() *Config {
 		port = "8080"
 	}

-	raw := os.Getenv("API_KEYS")
-	var keys []string
+	raw := os.Getenv("API_KEY")
+	var apiKey string
 	for _, k := range strings.Split(raw, ",") {
 		k = strings.TrimSpace(k)
 		if k != "" {
-			keys = append(keys, k)
+			apiKey = k
+			break
+		}
+	}
+
+	raw = os.Getenv("ADMIN_KEY")
+	var adminKey string
+	for _, k := range strings.Split(raw, ",") {
+		k = strings.TrimSpace(k)
+		if k != "" {
+			adminKey = k
+			break
 		}
 	}

 	return &Config{
-		Port:    port,
-		DSN:     os.Getenv("DB_DSN"),
-		APIKeys: keys,
+		Port:     port,
+		DSN:      os.Getenv("DB_DSN"),
+		APIKey:   apiKey,
+		AdminKey: adminKey,
 	}
 }
--- a/internal/handlers/bug_report_handler.route.go
+++ b/internal/handlers/bug_report_handler.route.go
--- a/internal/handlers/example.go
+++ b/internal/handlers/example.go
@@ -1,24 +0,0 @@
-package handlers
-
-import (
-	"encoding/json"
-	"io"
-	"net/http"
-)
-
-var ExampleGet http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(map[string]string{"message": "example GET"})
-}
-
-var ExamplePost http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
-	body, _ := io.ReadAll(r.Body)
-	defer r.Body.Close()
-
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(http.StatusCreated)
-	json.NewEncoder(w).Encode(map[string]any{
-		"message":  "example POST",
-		"received": string(body),
-	})
-}
--- a/internal/middleware/adminKey.go
+++ b/internal/middleware/adminKey.go
@@ -0,0 +1,36 @@
+package middleware
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"github.com/jmoiron/sqlx"
+
+	"emly-api-go/internal/config"
+)
+
+func AdminKeyAuth(_ *sqlx.DB) func(http.Handler) http.Handler {
+	cfg := config.Load()
+
+	if len(cfg.AdminKey) == 0 {
+		log.Panic("API key or admin key are empty")
+		return nil
+	}
+
+	allowed := make(map[string]struct{}, 1)
+	allowed[cfg.AdminKey] = struct{}{}
+
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			key := r.Header.Get("X-Admin-Key")
+			if _, ok := allowed[key]; !ok {
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(http.StatusUnauthorized)
+				json.NewEncoder(w).Encode(map[string]string{"error": "unauthorized admin key"})
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
--- a/internal/middleware/apikey.go
+++ b/internal/middleware/apikey.go
@@ -2,6 +2,7 @@ package middleware

 import (
 	"encoding/json"
+	"log"
 	"net/http"

 	"github.com/jmoiron/sqlx"
@@ -12,11 +13,14 @@ import (
 func APIKeyAuth(_ *sqlx.DB) func(http.Handler) http.Handler {
 	cfg := config.Load()

-	allowed := make(map[string]struct{}, len(cfg.APIKeys))
-	for _, k := range cfg.APIKeys {
-		allowed[k] = struct{}{}
+	if len(cfg.APIKey) == 0 {
+		log.Panic("API key or admin key are empty")
+		return nil
 	}

+	allowed := make(map[string]struct{}, 1)
+	allowed[cfg.APIKey] = struct{}{}
+
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			key := r.Header.Get("X-API-Key")