feat: add api key auth to web api (#183)

2026-03-07 21:48:18 -08:00 · 2026-01-26 13:48:43 -05:00 · 2026-01-26 13:48:43 -05:00 · 42b32c7920
commit 42b32c7920
parent bf1c03e9fd
7 changed files with 418 additions and 332 deletions
--- a/engine/routes.go
+++ b/engine/routes.go
@ -38,9 +38,7 @@ func bindRoutes(
 		r.Get("/config", handlers.GetCfgHandler())

 		r.Group(func(r chi.Router) {
-			if cfg.LoginGate() {
-				r.Use(middleware.ValidateSession(db))
-			}
+			r.Use(middleware.Authenticate(db, middleware.AuthModeLoginGate))
 			r.Get("/artist", handlers.GetArtistHandler(db))
 			r.Get("/artists", handlers.GetArtistsForItemHandler(db))
 			r.Get("/album", handlers.GetAlbumHandler(db))
@ -79,7 +77,7 @@ func bindRoutes(
 		})

 		r.Group(func(r chi.Router) {
-			r.Use(middleware.ValidateSession(db))
+			r.Use(middleware.Authenticate(db, middleware.AuthModeSessionOrAPIKey))
 			r.Get("/export", handlers.ExportHandler(db))
 			r.Post("/replace-image", handlers.ReplaceImageHandler(db))
 			r.Patch("/album", handlers.UpdateAlbumHandler(db))
@ -111,8 +109,10 @@ func bindRoutes(
 			AllowedHeaders: []string{"Content-Type", "Authorization"},
 		}))

-		r.With(middleware.ValidateApiKey(db)).Post("/submit-listens", handlers.LbzSubmitListenHandler(db, mbz))
-		r.With(middleware.ValidateApiKey(db)).Get("/validate-token", handlers.LbzValidateTokenHandler(db))
+		r.With(middleware.Authenticate(db, middleware.AuthModeAPIKey)).
+			Post("/submit-listens", handlers.LbzSubmitListenHandler(db, mbz))
+		r.With(middleware.Authenticate(db, middleware.AuthModeAPIKey)).
+			Get("/validate-token", handlers.LbzValidateTokenHandler(db))
 	})

 	// serve react client