Expensive bee

2026-02-03 16:49:05 +02:00
parent d3f29e3927
commit cdcdf2c644
10 changed files with 376 additions and 50 deletions
--- a/api/api.go
+++ b/api/api.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"strconv"
+	"strings"
 	"woke/db"
 )

@@ -12,13 +13,14 @@ type Notifier func()

 // Server provides a REST API for alarm CRUD.
 type Server struct {
-	store  *db.Store
-	mux    *http.ServeMux
-	notify Notifier
+	store    *db.Store
+	mux      *http.ServeMux
+	notify   Notifier
+	password string
 }

-func New(store *db.Store, notify Notifier) *Server {
-	s := &Server{store: store, notify: notify}
+func New(store *db.Store, password string, notify Notifier) *Server {
+	s := &Server{store: store, notify: notify, password: password}
 	s.mux = http.NewServeMux()
 	s.mux.HandleFunc("GET /api/alarms", s.listAlarms)
 	s.mux.HandleFunc("GET /api/alarms/{id}", s.getAlarm)
@@ -30,7 +32,18 @@ func New(store *db.Store, notify Notifier) *Server {
 }

 func (s *Server) Handler() http.Handler {
-	return s.mux
+	if s.password == "" {
+		return s.mux
+	}
+	// Wrap with auth middleware
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth := r.Header.Get("Authorization")
+		if !strings.HasPrefix(auth, "Bearer ") || auth[7:] != s.password {
+			writeError(w, http.StatusUnauthorized, "invalid or missing authorization")
+			return
+		}
+		s.mux.ServeHTTP(w, r)
+	})
 }

 type alarmRequest struct {