jean/time-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add API key middleware and update configuration to support API key validation

Browse Source
This commit is contained in:
Jean Jacques Avril 2025-03-11 17:20:39 +00:00
parent 165432208c
commit c08da6fc92
5 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.env
View File

@ -3,4 +3,5 @@ DB_PORT=5432
DB_USER=timetracker DB_USER=timetracker
DB_PASSWORD=password DB_PASSWORD=password
DB_NAME=timetracker DB_NAME=timetracker
DB_SSLMODE=disable DB_SSLMODE=disable
API_KEY=

2
backend/cmd/api/main.go
View File

@ -67,7 +67,7 @@ func main() {
r.GET("/api", helloHandler) r.GET("/api", helloHandler)
// Setup API routes // Setup API routes
routes.SetupRouter(r) routes.SetupRouter(r, cfg)
// Swagger documentation // Swagger documentation
r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))

35
backend/internal/api/middleware/api_key_middleware.go Normal file
View File

@ -0,0 +1,35 @@
package middleware
import (
"github.com/gin-gonic/gin"
"github.com/timetracker/backend/internal/api/utils"
"github.com/timetracker/backend/internal/config"
)
// APIKeyMiddleware checks for a valid API key if configured
func APIKeyMiddleware(cfg *config.Config) gin.HandlerFunc {
return func(c *gin.Context) {
// Skip if no API key is configured
if cfg.APIKey == "" {
c.Next()
return
}
// Get API key from header
apiKey := c.GetHeader("X-API-Key")
if apiKey == "" {
utils.UnauthorizedResponse(c, "API key is required")
c.Abort()
return
}
// Validate API key
if apiKey != cfg.APIKey {
utils.UnauthorizedResponse(c, "Invalid API key")
c.Abort()
return
}
c.Next()
}
}

5
backend/internal/api/routes/router.go
View File

@ -4,11 +4,14 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/timetracker/backend/internal/api/handlers" "github.com/timetracker/backend/internal/api/handlers"
"github.com/timetracker/backend/internal/api/middleware" "github.com/timetracker/backend/internal/api/middleware"
"github.com/timetracker/backend/internal/config"
) )
// SetupRouter configures all the routes for the API // SetupRouter configures all the routes for the API
func SetupRouter(r *gin.Engine) { func SetupRouter(r *gin.Engine, cfg *config.Config) {
// Create handlers // Create handlers
// Apply API key middleware to all API routes
r.Use(middleware.APIKeyMiddleware(cfg))
userHandler := handlers.NewUserHandler() userHandler := handlers.NewUserHandler()
activityHandler := handlers.NewActivityHandler() activityHandler := handlers.NewActivityHandler()
companyHandler := handlers.NewCompanyHandler() companyHandler := handlers.NewCompanyHandler()

4
backend/internal/config/config.go
View File

@ -15,6 +15,7 @@ import (
// Config represents the application configuration // Config represents the application configuration
type Config struct { type Config struct {
Database models.DatabaseConfig Database models.DatabaseConfig
APIKey string
} }
// LoadConfig loads configuration from environment variables and .env file // LoadConfig loads configuration from environment variables and .env file
@ -31,6 +32,9 @@ func LoadConfig() (*Config, error) {
return nil, fmt.Errorf("failed to load database config: %w", err) return nil, fmt.Errorf("failed to load database config: %w", err)
} }
// Load API key
cfg.APIKey = getEnv("API_KEY", "")
return cfg, nil return cfg, nil
} }