Files
mengyamonitor/mengyamonitor-backend-server/internal/middleware/admin.go
2026-05-16 19:03:34 +08:00

24 lines
535 B
Go

package middleware
import (
"crypto/subtle"
"net/http"
"mengyamonitor-backend-server/internal/config"
"github.com/gin-gonic/gin"
)
// AdminToken rejects requests without a valid X-Admin-Token header.
func AdminToken(cfg *config.Config) gin.HandlerFunc {
tok := []byte(cfg.AdminToken)
return func(c *gin.Context) {
given := []byte(c.GetHeader("X-Admin-Token"))
if subtle.ConstantTimeCompare(given, tok) != 1 {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
return
}
c.Next()
}
}