feat(m1): backend scaffold - entries CRUD, start/stop, auth, migrations

2026-04-30 16:35:06 +02:00
parent 4905c6f570
commit 3aa068efd2
19 changed files with 1483 additions and 0 deletions
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@@ -0,0 +1,24 @@
+package handler
+
+import (
+	"net/http"
+)
+
+// AuthMiddleware returns a middleware that validates the Bearer token.
+func AuthMiddleware(token string) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			const prefix = "Bearer "
+			auth := r.Header.Get("Authorization")
+			if len(auth) < len(prefix) || auth[:len(prefix)] != prefix {
+				writeError(w, http.StatusUnauthorized, "missing or malformed Authorization header")
+				return
+			}
+			if auth[len(prefix):] != token {
+				writeError(w, http.StatusUnauthorized, "invalid token")
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}