From 2663cf3dae33aed2fed5819e2eb3408bd372a420 Mon Sep 17 00:00:00 2001
From: Jef Roosens <roosensjef@gmail.com>
Date: Tue, 11 Jan 2022 21:18:33 +0100
Subject: [PATCH] Added x-api-key auth support

---
 vieter/auth.v   | 11 +++++++++++
 vieter/routes.v |  4 ++++
 2 files changed, 15 insertions(+)
 create mode 100644 vieter/auth.v

diff --git a/vieter/auth.v b/vieter/auth.v
new file mode 100644
index 00000000..eab63c85
--- /dev/null
+++ b/vieter/auth.v
@@ -0,0 +1,11 @@
+module main
+
+import net.http
+
+fn (mut app App) is_authorized() bool {
+	x_header := app.req.header.get_custom('X-Api-Key', http.HeaderQueryConfig{ exact: true }) or {
+		return false
+	}
+
+	return x_header.trim_space() == app.api_key
+}
diff --git a/vieter/routes.v b/vieter/routes.v
index a8e5e1ab..0b570ca0 100644
--- a/vieter/routes.v
+++ b/vieter/routes.v
@@ -38,6 +38,10 @@ fn (mut app App) get_root(filename string) web.Result {
 
 ['/pkgs/:pkg'; put]
 fn (mut app App) put_package(pkg string) web.Result {
+	if !app.is_authorized() {
+		return app.text('Unauthorized.')
+	}
+
 	if !is_pkg_name(pkg) {
 		app.lwarn("Invalid package name '$pkg'.")