Skip to content
Snippets Groups Projects

feat: decorator for admin endpoint authentication

Open feat: decorator for admin endpoint authentication
ft/AdminEnpointAuth into main
Open François Henri Théron requested to merge ft/AdminEnpointAuth into main
Compare
and
3 files
+ 105
14
Compare changes
  • Side-by-side
  • Inline
Files
3
jvm/src/main/scala/cs214/webapp/server/web/WebServerRoutes.scala
+ 28
0
@@ -8,11 +8,38 @@ import scala.util.{Try, Success, Failure}
import cask.endpoints.JsonData
import decorators.checkOriginHeader
import decorators.adminAuth
import java.io.File
import scala.io.Source
/** HTTP routes of the WebServer */
private[server] final case class WebServerRoutes()(using cc: castor.Context, log: cask.Logger) extends cask.Routes:
/** Paths where the static content served by the server is stored */
private val WEB_SRC_PATH = "www/static/"
/** Read admin key from secret file */
final private val ADMIN_AUTH = {
val secretPath = "/run/secrets/admin_api_key"
val secretFile = new File(secretPath)
if (secretFile.exists && secretFile.canRead) {
try {
// Read the secret
val secret = Source.fromFile(secretPath).mkString.trim
if (secret.isEmpty) {
println(s"Warning: Secret file at $secretPath is empty!")
None
} else {
Some(secret)
}
} catch {
case e: Exception =>
println(s"Error reading secret file: ${e.getMessage}")
None
}
} else{
None
}
}
/** HTML page to serve when accessing the server `/` and `/app/...` path */
private def HTML_STATIC_FILE =
@@ -77,6 +104,7 @@ private[server] final case class WebServerRoutes()(using cc: castor.Context, log
else
cask.Response(f"Unknown app '$appName'", 400)
@adminAuth(ADMIN_AUTH)
@cask.getJson(f"${Endpoints.Admin.status}")
def adminStatus(): cask.Response[JsonData] =
AdminStatusResponseEncoder.encode: