feat: bring back auth protection

Signed-off-by: Matt Gleich <[email protected]>
gleich · Jan 7, 2025 · 96649cd · 96649cd
1 parent bcadc99
commit 96649cd
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 0 deletions.
diff --git a/internal/apis/applemusic/applemusic.go b/internal/apis/applemusic/applemusic.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/gleich/lcp-v2/internal/auth"
 	"github.com/gleich/lcp-v2/internal/cache"
 	"github.com/gleich/lumber/v3"
 	"github.com/go-chi/chi/v5"
@@ -77,6 +78,7 @@ type cacheDataResponse struct {
 
 func serveHTTP(c *cache.Cache[cacheData]) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth.IsAuthorized(w, r)
 		w.Header().Set("Content-Type", "application/json")
 		c.DataMutex.RLock()
 

diff --git a/internal/apis/applemusic/playlists.go b/internal/apis/applemusic/playlists.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/gleich/lcp-v2/internal/apis"
+	"github.com/gleich/lcp-v2/internal/auth"
 	"github.com/gleich/lcp-v2/internal/cache"
 	"github.com/gleich/lumber/v3"
 	"github.com/go-chi/chi/v5"
@@ -95,6 +96,7 @@ func fetchPlaylist(id string) (playlist, error) {
 
 func playlistEndpoint(c *cache.Cache[cacheData]) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth.IsAuthorized(w, r)
 		id := chi.URLParam(r, "id")
 
 		c.DataMutex.RLock()

diff --git a/internal/auth/bearer.go b/internal/auth/bearer.go
@@ -0,0 +1,16 @@
+package auth
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gleich/lcp-v2/internal/secrets"
+)
+
+func IsAuthorized(w http.ResponseWriter, r *http.Request) bool {
+	if r.Header.Get("Authorization") != fmt.Sprintf("Bearer %s", secrets.SECRETS.ValidToken) {
+		w.WriteHeader(http.StatusUnauthorized)
+		return false
+	}
+	return true
+}
diff --git a/internal/cache/cache.go b/internal/cache/cache.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/gleich/lcp-v2/internal/apis"
+	"github.com/gleich/lcp-v2/internal/auth"
 	"github.com/gleich/lcp-v2/internal/secrets"
 	"github.com/gleich/lumber/v3"
 )
@@ -41,6 +42,7 @@ type CacheResponse[T any] struct {
 
 func (c *Cache[T]) ServeHTTP() http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth.IsAuthorized(w, r)
 		w.Header().Set("Content-Type", "application/json")
 		c.DataMutex.RLock()
 		err := json.NewEncoder(w).Encode(CacheResponse[T]{Data: c.Data, Updated: c.Updated})

diff --git a/internal/secrets/secrets.go b/internal/secrets/secrets.go
@@ -9,6 +9,7 @@ import (
 var SECRETS Secrets
 
 type Secrets struct {
+	ValidToken  string `env:"VALID_TOKEN"`
 	CacheFolder string `env:"CACHE_FOLDER"`
 
 	StravaClientID       string `env:"STRAVA_CLIENT_ID"`