package auth import ( "crypto/subtle" "github.com/openHPI/poseidon/internal/config" "github.com/openHPI/poseidon/pkg/logging" "net/http" ) var log = logging.GetLogger("api/auth") const TokenHeader = "Poseidon-Token" var correctAuthenticationToken []byte // InitializeAuthentication returns true iff the authentication is initialized successfully and can be used. func InitializeAuthentication() bool { token := config.Config.Server.Token if token == "" { return false } correctAuthenticationToken = []byte(token) return true } func HTTPAuthenticationMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { token := r.Header.Get(TokenHeader) if subtle.ConstantTimeCompare([]byte(token), correctAuthenticationToken) == 0 { log.WithContext(r.Context()). WithField("token", logging.RemoveNewlineSymbol(token)). Warn("Incorrect token") w.WriteHeader(http.StatusUnauthorized) return } next.ServeHTTP(w, r) }) }