func muxHandler(main http.Handler, authKeys []string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
httphelper.CORSAllowAllHandler(w, r)
if r.URL.Path == "/ping" || r.Method == "OPTIONS" {
w.WriteHeader(200)
return
}
_, password, _ := parseBasicAuth(r.Header)
if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") {
password = r.URL.Query().Get("key")
}
var authed bool
for _, k := range authKeys {
if len(password) == len(k) && subtle.ConstantTimeCompare([]byte(password), []byte(k)) == 1 {
authed = true
break
}
}
if !authed {
w.WriteHeader(401)
return
}
main.ServeHTTP(w, r)
})
}
func (api *API) CorsHandler(main http.Handler) http.Handler {
httpInterfaceURL := api.conf.InterfaceURL
if strings.HasPrefix(api.conf.InterfaceURL, "https") {
httpInterfaceURL = "http" + strings.TrimPrefix(api.conf.InterfaceURL, "https")
}
corsHandler := cors.Allow(&cors.Options{
AllowOrigins: []string{api.conf.InterfaceURL, httpInterfaceURL},
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: true,
MaxAge: time.Hour,
})
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if strings.HasSuffix(req.URL.Path, "/ping") || req.Method == "OPTIONS" {
httphelper.CORSAllowAllHandler(w, req)
w.WriteHeader(200)
return
}
corsHandler(w, req)
main.ServeHTTP(w, req)
})
}
