Merged
31 changes: 25 additions & 6 deletions servers/gateway/gateway.go
Expand Up @@ -21,24 +21,27 @@ package gateway
import (
"compress/gzip"
"context"
"crypto/subtle"
"fmt"
"log"
"mime"
"net/http"
"os"
"strings"

"github.com/7cav/api/cache"
"github.com/7cav/api/middleware"
"github.com/7cav/api/proto"
_ "github.com/7cav/api/statik" // static files import - unused in the codebase, but required cuz reasons
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"github.com/rakyll/statik/fs"
"google.golang.org/grpc"
"log"
"mime"
"net/http"
"os"
"strings"
)

type Service struct {
Address string
Cache *cache.RedisCache
APISecret string
}

var (
Expand All @@ -59,6 +62,21 @@ func getOpenAPIHandler() http.Handler {
return http.FileServer(statikFs)
}

func authMiddleware(secret string, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
token := strings.TrimPrefix(authHeader, "Bearer ")

if subtle.ConstantTimeCompare([]byte(token), []byte(secret)) != 1 {
Warn.Printf("Unauthorized HTTP access attempt from %s", r.RemoteAddr)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}

next.ServeHTTP(w, r)
})
}

func compressionMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
Expand Down Expand Up @@ -118,7 +136,8 @@ func (service *Service) Server() *http.Server {

openApi := getOpenAPIHandler()

handler := middleware.CacheMiddleware(service.Cache, compressionMiddleware(gwMux))
handler := authMiddleware(service.APISecret,
middleware.CacheMiddleware(service.Cache, compressionMiddleware(gwMux)))

// if requests start with /api then forward it on to the grpc-gateway client
// otherwise, just serve it as norma (basically the OpenAPI)
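Review bot: authMiddleware fails open when `secret` is empty: a request with no Authorization header yields an empty `token`, and `subtle.ConstantTimeCompare` on two empty slices returns 1, so the request reaches `next`. How `APISecret` gets populated is not visible in this section, so an unset value should be rejected here or at startup. Because `strings.TrimPrefix` returns the header unchanged when the `Bearer ` prefix is absent, the bare secret sent without a scheme is also accepted. A guard covering both cases would be `if secret == "" || !strings.HasPrefix(authHeader, "Bearer ") || subtle.ConstantTimeCompare([]byte(token), []byte(secret)) != 1 {`. The function would also benefit from a doc comment stating that it expects `Authorization: Bearer <secret>` and replies 401 otherwise.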
5 changes: 3 additions & 2 deletions servers/server.go
Expand Up @@ -38,7 +38,7 @@ import (
"gorm.io/gorm"
)

const version = "2.0.0"
const version = "2.0.1"

type MicroServer struct {
addr string
Expand Down Expand Up @@ -181,7 +181,8 @@ func servGRPC(server *MicroServer, lis net.Listener, grpcOpts []grpc.ServerOptio
}

func servHTTP(server *MicroServer, lis net.Listener) {
service := httpServices.Service{Address: server.addr, Cache: server.cache}
secret := setupAuth()
service := httpServices.Service{Address: server.addr, Cache: server.cache, APISecret: secret,}
server.httpServer = service.Server()
if err := server.httpServer.Serve(lis); err != nil {
Error.Fatalf("unable to start HTTP servers: ", err)
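Review bot: The secret is wired only into the HTTP gateway in servHTTP; servGRPC, named in the hunk header, is not touched by this diff, so if that listener is reachable by clients the new bearer check does not cover it. It is worth confirming that the gRPC port is bound internally, or adding a matching interceptor to it. setupAuth is defined outside this diff, so it may already abort on a missing value; if it does not, stop at startup with something like `if secret == "" { Error.Fatalf("API secret is not configured") }` before building the Service. As a style point, the trailing comma in `APISecret: secret,}` is not gofmt-clean. servHTTP's body continues outside the hunk.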