Refactor apikey

abaldeweg · Oct 19, 2024 · 0aafb6b · 0aafb6b
1 parent 5a1a239
commit 0aafb6b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 13 deletions.
diff --git a/blog/router/router.go b/blog/router/router.go
@@ -7,16 +7,20 @@ import (
 	"github.com/abaldeweg/warehouse-server/blog/content/article"
 	"github.com/abaldeweg/warehouse-server/blog/content/home"
 	"github.com/abaldeweg/warehouse-server/framework/router"
+	"github.com/abaldeweg/warehouse-server/framework/storage"
 	"github.com/gin-gonic/gin"
 )
 
 // Routes sets up the Gin router.
 func Routes() *gin.Engine {
+	s := storage.NewStorage("filesystem", "data/auth", "api_keys.json")
+	k, _ := s.Load()
+
 	r := router.Engine()
 
-	api := r.Group("/", router.ApiKeyMiddleware)
+	api := r.Group("/", router.ApiKeyMiddleware(k))
 	{
-		api.GET("/home", router.PermissionsMiddleware("articles"), func(c *gin.Context) {
+		api.GET("/home", router.PermissionsMiddleware(k, "articles"), func(c *gin.Context) {
 			index, err := home.GetHome()
 			if err != nil {
 				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
@@ -25,7 +29,7 @@ func Routes() *gin.Engine {
 
 			c.String(http.StatusOK, index)
 		})
-		api.GET("/home/new/:days", router.PermissionsMiddleware("articles"), func(c *gin.Context) {
+		api.GET("/home/new/:days", router.PermissionsMiddleware(k, "articles"), func(c *gin.Context) {
 			daysStr := c.Param("days")
 
 			days, err := strconv.Atoi(daysStr)
@@ -42,7 +46,7 @@ func Routes() *gin.Engine {
 
 			c.JSON(http.StatusOK, gin.H{"new_articles": newCount})
 		})
-		api.GET("/article/*path", router.PermissionsMiddleware("articles"), func(c *gin.Context) {
+		api.GET("/article/*path", router.PermissionsMiddleware(k, "articles"), func(c *gin.Context) {
 			path := c.Param("path")
 
 			cnt, err := article.GetArticle(path)

diff --git a/framework/router/router.go b/framework/router/router.go
@@ -17,24 +17,30 @@ func Engine() *gin.Engine {
 }
 
 // ApiKeyMiddleware is a middleware to check for API key authentication.
-func ApiKeyMiddleware(c *gin.Context) {
-	key := c.GetHeader("X-API-Key")
+func ApiKeyMiddleware(data []byte) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		key := c.GetHeader("X-API-Key")
 
-	if !apikey.IsValidAPIKey(key) {
-		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid API key"})
-		return
-	}
+		k, _ := apikey.NewAPIKeys(data)
+
+		if !k.IsValidAPIKey(key) {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid API key"})
+			return
+		}
 
-	c.Next()
+		c.Next()
+	}
 }
 
 // permissionsMiddleware is a middleware to check for API key permissions.
-func PermissionsMiddleware(permissions ...string) gin.HandlerFunc {
+func PermissionsMiddleware(data []byte, permissions ...string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		key := c.GetHeader("X-API-Key")
 
+		k, _ := apikey.NewAPIKeys(data)
+
 		for _, permission := range permissions {
-			if !apikey.HasPermission(key, permission) {
+			if !k.HasPermission(key, permission) {
 				c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Forbidden"})
 				return