add admin support to rest_model_zrok.Principal; authenticator (#116)

2025-08-18 11:49:51 +02:00 · 2022-12-01 14:48:23 -05:00
parent b4f85e711f
commit 8610cf944a
7 changed files with 44 additions and 4 deletions
--- a/controller/util.go
+++ b/controller/util.go
@@ -13,20 +13,43 @@ import (
 	"strings"
 )

-func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
+type zrokAuthenticator struct {
+	cfg *Config
+}
+
+func newZrokAuthenticator(cfg *Config) *zrokAuthenticator {
+	return &zrokAuthenticator{cfg}
+}
+
+func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) {
 	tx, err := str.Begin()
 	if err != nil {
 		return nil, err
 	}
 	defer func() { _ = tx.Rollback() }()
+
 	if a, err := str.FindAccountWithToken(token, tx); err == nil {
-		principal := rest_model_zrok.Principal{
+		principal := &rest_model_zrok.Principal{
 			ID:    int64(a.Id),
 			Token: a.Token,
 			Email: a.Email,
 		}
-		return &principal, nil
+		return principal, nil
 	} else {
+		// check for admin secret
+		if cfg.Admin != nil {
+			for _, secret := range cfg.Admin.Secrets {
+				if token == secret {
+					principal := &rest_model_zrok.Principal{
+						ID:    int64(-1),
+						Admin: true,
+					}
+					return principal, nil
+				}
+			}
+		}
+
+		// no match
 		return nil, errors2.New(401, "invalid api key")
 	}
 }