24 lines
535 B
Go
24 lines
535 B
Go
package middleware
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"net/http"
|
|
|
|
"mengyamonitor-backend-server/internal/config"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// AdminToken rejects requests without a valid X-Admin-Token header.
|
|
func AdminToken(cfg *config.Config) gin.HandlerFunc {
|
|
tok := []byte(cfg.AdminToken)
|
|
return func(c *gin.Context) {
|
|
given := []byte(c.GetHeader("X-Admin-Token"))
|
|
if subtle.ConstantTimeCompare(given, tok) != 1 {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
|
|
return
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|