From f6bd59c30f608ba00110ef027321e65532d5ea30 Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Sat, 24 Aug 2024 19:42:22 +0000
Subject: [PATCH] feat(server): add apikey auth method

---
 internal/server/middlewares/auth/apikey.go   | 31 ++++++++++++++++++++
 internal/server/middlewares/auth/lookup.go   |  2 ++
 internal/server/middlewares/auth/settings.go |  7 +++--
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 internal/server/middlewares/auth/apikey.go

diff --git a/internal/server/middlewares/auth/apikey.go b/internal/server/middlewares/auth/apikey.go
new file mode 100644
index 000000000..0e6791fac
--- /dev/null
+++ b/internal/server/middlewares/auth/apikey.go
@@ -0,0 +1,31 @@
+package auth
+
+import "net/http"
+
+type apiKeyMethod struct {
+	apiKey string
+}
+
+func newAPIKeyMethod(apiKey string) *apiKeyMethod {
+	return &apiKeyMethod{
+		apiKey: apiKey,
+	}
+}
+
+// equal returns true if another auth checker is equal.
+// This is used to deduplicate checkers for a particular route.
+func (a *apiKeyMethod) equal(other authorizationChecker) bool {
+	otherTokenMethod, ok := other.(*apiKeyMethod)
+	if !ok {
+		return false
+	}
+	return a.apiKey == otherTokenMethod.apiKey
+}
+
+func (a *apiKeyMethod) isAuthorized(_ http.ResponseWriter, request *http.Request) bool {
+	xAPIKey := request.Header.Get("X-API-Key")
+	if xAPIKey == "" {
+		xAPIKey = request.URL.Query().Get("api_key")
+	}
+	return xAPIKey == a.apiKey
+}
diff --git a/internal/server/middlewares/auth/lookup.go b/internal/server/middlewares/auth/lookup.go
index 8f76637d3..b834957da 100644
--- a/internal/server/middlewares/auth/lookup.go
+++ b/internal/server/middlewares/auth/lookup.go
@@ -17,6 +17,8 @@ func settingsToLookupMap(settings Settings) (routeToRoles map[Route][]internalRo
 		switch auth.Method {
 		case MethodNone:
 			authNameToChecker[auth.Name] = newNoneMethod()
+		case MethodAPIKey:
+			authNameToChecker[auth.Name] = newAPIKeyMethod(auth.APIKey)
 		default:
 			return nil, fmt.Errorf("%w: %s", ErrMethodNotSupported, auth.Name)
 		}
diff --git a/internal/server/middlewares/auth/settings.go b/internal/server/middlewares/auth/settings.go
index 5195dc533..d2f5d1c6a 100644
--- a/internal/server/middlewares/auth/settings.go
+++ b/internal/server/middlewares/auth/settings.go
@@ -115,7 +115,8 @@ func (s Settings) ToLinesNode() (node *gotree.Node) {
 }
 
 const (
-	MethodNone = "none"
+	MethodNone   = "none"
+	MethodAPIKey = "apikey"
 )
 
 // Auth contains the authentication method name and fields
@@ -125,6 +126,8 @@ type Auth struct {
 	Name string
 	// Method is the authentication method to use.
 	Method string
+	// APIKey is the API key to use for the API key authentication method.
+	APIKey string
 }
 
 func (a Auth) validate() (err error) {
@@ -140,7 +143,7 @@ var (
 )
 
 func validateAuthMethod(method string) (err error) {
-	err = validate.IsOneOf(method, MethodNone)
+	err = validate.IsOneOf(method, MethodNone, MethodAPIKey)
 	if err != nil {
 		return fmt.Errorf("%w: %s", ErrMethodNotSupported, method)
 	}