package web import ( "github.com/lus/pasty/internal/pastes" "github.com/lus/pasty/internal/slices" "net/http" "strings" ) func (server *Server) v2MiddlewareAuthorize(next http.Handler) http.Handler { return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) { paste, ok := request.Context().Value("paste").(*pastes.Paste) if !ok { writeString(writer, http.StatusInternalServerError, "missing paste object") return } authHeader := strings.SplitN(request.Header.Get("Authorization"), " ", 2) if len(authHeader) != 2 || authHeader[0] != "Bearer" { writeString(writer, http.StatusUnauthorized, "unauthorized") return } isAdmin := slices.Contains(server.AdminTokens, authHeader[1]) if isAdmin { next.ServeHTTP(writer, request) return } if !server.ModificationTokensEnabled || !paste.CheckModificationToken(authHeader[1]) { writeString(writer, http.StatusUnauthorized, "unauthorized") return } next.ServeHTTP(writer, request) }) }