go.mod

@@ -9,8 +9,9 @@ require (
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/mattn/go-sqlite3 v1.11.0
 	github.com/rs/zerolog v1.16.0
+	github.com/speps/go-hashids v2.0.0+incompatible
 	github.com/stretchr/graceful v1.2.15
-	golang.org/x/crypto v0.0.0-20191107222254-f4817d981bb6 // indirect
+	golang.org/x/crypto v0.0.0-20191107222254-f4817d981bb6
 	golang.org/x/sys v0.0.0-20191029155521-f43be2a4598c // indirect
 	google.golang.org/appengine v1.6.5 // indirect
 )

go.sum

@@ -62,6 +62,9 @@ github.com/rs/zerolog v1.16.0/go.mod h1:9nvC1axdVrAHcu/s9taAVfBuIdTZLVQmKQyvrUjF
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/speps/go-hashids v1.0.0 h1:jdFC07PrExRM4Og5Ev4411Tox75aFpkC77NlmutadNI=
+github.com/speps/go-hashids v2.0.0+incompatible h1:kSfxGfESueJKTx0mpER9Y/1XHl+FVQjtCqRyYcviFbw=
+github.com/speps/go-hashids v2.0.0+incompatible/go.mod h1:P7hqPzMdnZOfyIk+xrlG1QaSMw+gCBdHKsBDnhpaZvc=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=

web/routes.go

@@ -1,17 +1,19 @@
 package web
 
 import (
+	"fmt"
 	"net/http"
 	"os"
 	"time"
 
+	"github.com/gorilla/handlers"
+	"github.com/gorilla/mux"
+	"github.com/rs/zerolog/log"
+
 	"code.chrissexton.org/cws/cabinet/db"
 
 	packr "github.com/gobuffalo/packr/v2"
 
-	"github.com/gorilla/handlers"
-	"github.com/gorilla/mux"
-	"github.com/rs/zerolog/log"
 	"github.com/stretchr/graceful"
 )
 
@@ -36,13 +38,46 @@ func New(addr string, db *db.Database, box *packr.Box) *Web {
 	return w
 }
 
+type AuthMiddleware struct{}
+
+func (aw *AuthMiddleware) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("X-Auth-Key") == "" {
+			w.WriteHeader(401)
+			fmt.Fprint(w, "invalid login")
+		}
+		log.Debug().Msgf("This shit is authed!")
+		next.ServeHTTP(w, r)
+	})
+}
+
 func (web *Web) routeSetup() http.Handler {
 	r := mux.NewRouter()
 	api := r.PathPrefix("/v1/").Subrouter()
+	auth := AuthMiddleware{}
+
+	authedApi := r.PathPrefix("/v1/").Subrouter()
+	authedApi.Use(auth.Middleware)
+
+	api.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
+		log.Debug().Msg("test json")
+	}).Methods(http.MethodPost).HeadersRegexp("Content-Type", `application/json.*`)
+
+	api.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
+		log.Debug().Msg("test markdown")
+	}).Methods(http.MethodPost).HeadersRegexp("Content-Type", `application/markdown.*`)
+
+	// curl 'http://127.0.0.1:8080/v1/test' -X POST -H 'Accept: application/json, text/plain, */*' --compressed -H 'Content-Type: application/json;charset=utf-8' --data '{ "test": 1 }'
+
 	api.HandleFunc("/entries", web.allEntries).Methods(http.MethodGet)
-	api.HandleFunc("/entries", web.newEntry).Methods(http.MethodPost)
-	api.HandleFunc("/entries/{slug}", web.removeEntry).Methods(http.MethodDelete)
-	api.HandleFunc("/entries/{slug}", web.editEntry).Methods(http.MethodPut)
+	authedApi.HandleFunc("/entries", web.newEntry).Methods(http.MethodPost)
+	authedApi.HandleFunc("/entries", web.newEntry).Methods(http.MethodPost).
+		HeadersRegexp("Content-Type", "application/(text|json).*")
+	//authedApi.HandleFunc("/entries", web.newMarkdownEntry).Methods(http.MethodPost).
+	//	HeadersRegexp("Content-Type", "application/markdown.*")
+	authedApi.HandleFunc("/entries/{slug}", web.removeEntry).Methods(http.MethodDelete)
+	authedApi.HandleFunc("/entries/{slug}", web.editEntry).Methods(http.MethodPut)
+
 	api.HandleFunc("/entries/{slug}", web.getEntry).Methods(http.MethodGet)
 	api.HandleFunc("/auth", web.auth).Methods(http.MethodPost)
 	r.PathPrefix("/").HandlerFunc(web.indexHandler("/index.html"))