protect chessbot routes
Hopertz committed Nov 12, 2024
1 parent f5f9c36 commit b3ed71b
Showing 3 changed files with 24 additions and 5 deletions.
3 changes: 3 additions & 0 deletions cmd/api/main.go
@@ -39,6 +39,9 @@ func main() {
flag.StringVar(&cfg.ENV, "env", os.Getenv("ENV_STAGE"), "Environment (development|Staging|production")
flag.StringVar(&cfg.DB.DSN, "db-dsn", os.Getenv("SW_DB_DSN"), "PostgreSQL DSN")

flag.StringVar(&cfg.BasicAuth.USERNAME, "basicauth-username", os.Getenv("BASICAUTH_USERNAME"), "basicauth-username")
flag.StringVar(&cfg.BasicAuth.PASSWORD, "basicauth-password", os.Getenv("BASICAUTH_PASSWORD"), "basicauth-password")

flag.StringVar(&cfg.NextSmS.Username, "nextsms-username", os.Getenv("NEXTSMS_USERNAME"), "nextsms-username")
flag.StringVar(&cfg.NextSmS.Password, "nextsms-password", os.Getenv("NEXTSMS_PASSWORD"), "nextsms-password")

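Review bot: Nothing in this hunk rejects an empty value for the two new flags, so when BASICAUTH_USERNAME and BASICAUTH_PASSWORD are unset the config silently holds two empty strings. The validator added in cmd/api/routes.go compares against those values with `subtle.ConstantTimeCompare`, which reports a match for two empty inputs, so the /bot group would then likely accept blank credentials. I would fail startup after flag parsing, e.g. `if cfg.BasicAuth.USERNAME == "" || cfg.BasicAuth.PASSWORD == "" { log.Fatal("basic auth credentials must be set") }`. main() continues outside the hunk, so such a check may already exist further down; the help strings also only repeat the flag name and could say what the credentials protect.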
21 changes: 16 additions & 5 deletions cmd/api/routes.go
@@ -1,6 +1,7 @@
package main

import (
"crypto/subtle"
"net/http"

"github.com/labstack/echo/v4"
@@ -25,11 +26,21 @@ func (app *application) routes() *echo.Echo {
e.POST("/login", app.createAuthTokenHandler)
e.GET("/lichess/leaderboard", app.leaderboardHandler)

e.GET("/lichess/members", app.getLichessTeamMemberHandler)
e.POST("/lichess/members", app.insertLichessTeamMemberHandler)
e.POST("/telegram/bot/users", app.insertTgUserHandler)
e.PUT("/telegram/bot/users", app.updateTgUserHandler)
e.GET("/telegram/bot/users/active", app.getActiveTgUserHandler)
// for chessbot
b := e.Group("/bot")
b.Use(middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {
if subtle.ConstantTimeCompare([]byte(username), []byte(app.config.BasicAuth.USERNAME)) == 1 &&
subtle.ConstantTimeCompare([]byte(password), []byte(app.config.BasicAuth.PASSWORD)) == 1 {
return true, nil
}
return false, nil
}))

b.GET("/lichess/members", app.getLichessTeamMemberHandler)
b.POST("/lichess/members", app.insertLichessTeamMemberHandler)
b.POST("/telegram/bot/users", app.insertTgUserHandler)
b.PUT("/telegram/bot/users", app.updateTgUserHandler)
b.GET("/telegram/bot/users/active", app.getActiveTgUserHandler)

// user management
e.POST("/users", app.registerUserHandler)
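Review bot: The `&&` in the validator short-circuits, so the password comparison is skipped whenever the username is wrong, and `subtle.ConstantTimeCompare` itself returns early when the two lengths differ; response timing can therefore still distinguish a correct username and the credential lengths. Evaluate both comparisons unconditionally and combine the results: `userOK := subtle.ConstantTimeCompare([]byte(username), []byte(app.config.BasicAuth.USERNAME))`, `passOK := subtle.ConstantTimeCompare([]byte(password), []byte(app.config.BasicAuth.PASSWORD))`, `return userOK&passOK == 1, nil`. Comparing fixed-length digests of both sides (for example SHA-256) would also remove the length signal. Separately, the handlers now sit under the `/bot` prefix, so the Telegram routes become `/bot/telegram/bot/users…`, which existing clients would need to follow. routes() starts and ends outside the visible hunk.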
5 changes: 5 additions & 0 deletions config/config.go
@@ -12,6 +12,11 @@ type Config struct {
PORT string
ENV string

BasicAuth struct {
USERNAME string
PASSWORD string
}

DB struct {
DSN string
MaxOpenConns int
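Review bot: The new BasicAuth block has no comment saying what it protects or that PASSWORD is a secret, so a later `%+v` dump of Config could print the password unnoticed. I would add `// BasicAuth holds the credentials checked on the /bot route group; PASSWORD is a secret and must not be logged.` above the struct. The fields are also spelled USERNAME/PASSWORD while the NextSmS credentials referenced in cmd/api/main.go use Username/Password; matching that spelling would be more consistent, though it means touching the other two files. The Config struct starts and ends outside this section.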
