fix: secure admin endpoints with authentication middleware (issue #4)
- Add config parameter to AuthService constructor - Implement proper config-based auth checks in middleware - Wrap all admin endpoints (users, groups, tokens) with authentication - Apply granular scopes: admin:users:*, admin:groups:*, admin:tokens:* - Maintain backward compatibility when config is nil 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -138,11 +138,12 @@ func (s *RateLimitService) RateLimitMiddleware(next http.HandlerFunc) http.Handl
|
||||
}
|
||||
}
|
||||
|
||||
// isAuthEnabled checks if authentication is enabled (would be passed from config)
|
||||
// isAuthEnabled checks if authentication is enabled from config
|
||||
func (s *AuthService) isAuthEnabled() bool {
|
||||
// This would normally be injected from config, but for now we'll assume enabled
|
||||
// TODO: Inject config dependency
|
||||
return true
|
||||
if s.config != nil {
|
||||
return s.config.AuthEnabled
|
||||
}
|
||||
return true // Default to enabled if no config
|
||||
}
|
||||
|
||||
// Helper method to check rate limits (simplified version)
|
||||
|
||||
Reference in New Issue
Block a user