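// muxHandler wraps main with permissive CORS headers and shared-key
// authentication.
//
// Requests to "/ping" and every OPTIONS request are answered with 200 before
// any credential check. All other requests must present one of authKeys as
// the HTTP Basic password. Requests whose Accept header contains
// "text/event-stream" may instead supply the key in the "key" query
// parameter. Requests that fail the check receive 401 and never reach main.
func muxHandler(main http.Handler, authKeys []string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		httphelper.CORSAllowAllHandler(w, r)
		if r.URL.Path == "/ping" || r.Method == "OPTIONS" {
			w.WriteHeader(http.StatusOK)
			return
		}

		// Only the password is used; the username and the third result are
		// discarded. NOTE(review): presumably a missing or malformed header
		// yields an empty password; confirm against parseBasicAuth.
		_, password, _ := parseBasicAuth(r.Header)
		if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") {
			// NOTE(review): a key carried in the query string can be recorded
			// in access logs, proxy logs and Referer headers. Keep request-URL
			// logging scrubbed, or move event-stream clients to a header.
			password = r.URL.Query().Get("key")
		}

		// Fail closed on missing credentials. Without this guard an empty
		// entry in authKeys (for example from splitting an unset setting)
		// would compare equal to the empty password and authenticate every
		// anonymous request.
		if password == "" {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		supplied := []byte(password)
		authed := false
		for _, k := range authKeys {
			// ConstantTimeCompare returns 0 for inputs of different length,
			// so no separate length test is needed. Every key is checked
			// (no early exit) so the time taken does not depend on which
			// entry matched.
			if subtle.ConstantTimeCompare(supplied, []byte(k)) == 1 {
				authed = true
			}
		}
		if !authed {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		main.ServeHTTP(w, r)
	})
}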
// CorsHandler wraps main with a CORS policy restricted to the configured
// interface URL and, when that URL starts with "https", its "http"
// counterpart.
//
// Requests whose path ends in "/ping" and every OPTIONS request are answered
// directly with 200 via httphelper.CORSAllowAllHandler and never reach main.
// All other requests have the restricted CORS handler applied and are then
// passed to main.
func (api *API) CorsHandler(main http.Handler) http.Handler {
	secureOrigin := api.conf.InterfaceURL

	// Derive the plain-http variant of the origin by swapping the leading
	// "https" for "http"; any other URL is used unchanged.
	plainOrigin := secureOrigin
	if strings.HasPrefix(secureOrigin, "https") {
		plainOrigin = "http" + strings.TrimPrefix(secureOrigin, "https")
	}

	// NOTE(review): AllowCredentials is set while a plain-http origin is
	// trusted. Content served over http can be altered in transit, so confirm
	// the http variant is still required.
	opts := &cors.Options{
		AllowOrigins:     []string{secureOrigin, plainOrigin},
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: true,
		MaxAge:           time.Hour,
	}
	applyCORS := cors.Allow(opts)

	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		// The suffix match covers every route ending in "/ping", not only a
		// top-level "/ping".
		// NOTE(review): judging by the helper's name, these short-circuited
		// requests, preflights included, get allow-all CORS headers rather
		// than the restricted policy above. Confirm that is intended.
		shortCircuit := req.Method == "OPTIONS" || strings.HasSuffix(req.URL.Path, "/ping")
		if !shortCircuit {
			applyCORS(w, req)
			main.ServeHTTP(w, req)
			return
		}
		httphelper.CORSAllowAllHandler(w, req)
		w.WriteHeader(http.StatusOK)
	})
}