Finish the API endpoint for cover upload

2026-03-20 00:00:48 -04:00 · 2020-04-08 07:01:06 +00:00
parent fcf9d39047
commit 8262a163db
13 changed files with 268 additions and 73 deletions
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@@ -0,0 +1,25 @@
+require "kemal"
+require "../storage"
+require "../util"
+
+class AuthHandler < Kemal::Handler
+  def initialize(@storage : Storage)
+  end
+
+  def call(env)
+    return call_next(env) if request_path_startswith env, ["/login", "/logout"]
+
+    cookie = env.request.cookies.find { |c| c.name == "token" }
+    if cookie.nil? || !@storage.verify_token cookie.value
+      return env.redirect "/login"
+    end
+
+    if request_path_startswith env, ["/admin", "/api/admin", "/download"]
+      unless @storage.verify_admin cookie.value
+        env.response.status_code = 403
+      end
+    end
+
+    call_next env
+  end
+end