Testing if the key exists... Else, it's not that securized.
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
77aa8421d8
commit
79bce6c7db
@ -17,16 +17,15 @@ fun main() {
|
||||
val app = Javalin.create {
|
||||
it.accessManager { handler, ctx, permittedRoles ->
|
||||
transaction {
|
||||
val k = ctx.header("X-API-KEY").orEmpty()
|
||||
Key.find {
|
||||
Keys.value eq k
|
||||
val maybeKey = Key.find {
|
||||
Keys.value eq ctx.header("X-API-KEY").orEmpty()
|
||||
}.firstOrNull()
|
||||
val auth = ctx.header("Authorization").orEmpty()
|
||||
val isBasicAuthed = auth == System.getenv("LDC_AUTH")
|
||||
when {
|
||||
permittedRoles.contains(ApiRole.PUBLIC) -> handler.handle(ctx)
|
||||
permittedRoles.contains(ApiRole.BASIC_AUTHED) && isBasicAuthed -> handler.handle(ctx)
|
||||
permittedRoles.contains(ApiRole.API_AUTHED) && k != null -> handler.handle(ctx)
|
||||
permittedRoles.contains(ApiRole.API_AUTHED) && maybeKey != null -> handler.handle(ctx)
|
||||
else -> ctx.status(401).json("Unauthorized")
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user