(next http.Handler)
| 9 | ) |
| 10 | |
| 11 | func (s *Service) validateApiKey(next http.Handler) http.Handler { |
| 12 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 13 | apiKeyHeader := r.Header.Get("x-api-key") |
| 14 | if apiKeyHeader == "" { |
| 15 | http.Error(w, "missing x-api-key header", http.StatusUnauthorized) |
| 16 | return |
| 17 | } |
| 18 | |
| 19 | // check API key |
| 20 | apiKey := s.ApiKey() |
| 21 | |
| 22 | key, err := uuid.Parse(apiKeyHeader) |
| 23 | switch { |
| 24 | case err != nil: |
| 25 | http.Error(w, "invalid api key format: must be a valid UUID", http.StatusUnprocessableEntity) |
| 26 | return |
| 27 | case key != apiKey: |
| 28 | http.Error(w, "api key mismatch", http.StatusForbidden) |
| 29 | return |
| 30 | } |
| 31 | |
| 32 | next.ServeHTTP(w, r) |
| 33 | }) |
| 34 | } |
| 35 | |
| 36 | func (s *Service) checkBackendMiddleware(next http.Handler) http.Handler { |
| 37 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
nothing calls this directly
no test coverage detected