Files
2026-05-25 13:23:49 +03:30

37 lines
1.0 KiB
Go

package document_scraper
import (
"crypto/subtle"
"strings"
"tm/pkg/response"
"github.com/labstack/echo/v4"
)
// APIKeyMiddleware validates the API key for service-to-service authentication
func APIKeyMiddleware(apiKey string) echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
// Extract API key from X-API-Key header
apiKeyHeader := c.Request().Header.Get("X-API-Key")
if apiKeyHeader == "" {
// Also check Authorization header with "ApiKey <key>" format
authHeader := c.Request().Header.Get("Authorization")
if strings.HasPrefix(authHeader, "ApiKey ") {
apiKeyHeader = strings.TrimPrefix(authHeader, "ApiKey ")
}
}
if apiKeyHeader == "" {
return response.Unauthorized(c, "API key required. Use X-API-Key header or Authorization: ApiKey <key>")
}
if subtle.ConstantTimeCompare([]byte(apiKeyHeader), []byte(apiKey)) != 1 {
return response.Unauthorized(c, "Invalid API key")
}
return next(c)
}
}
}