diff --git a/.env b/.env index 7d8d53e..33f97e3 100644 --- a/.env +++ b/.env @@ -9,3 +9,5 @@ SMTP_PORT= FROM_ADDRESS= API_URL=http://localhost:8080 + +API_KEY= diff --git a/server/server.go b/server/server.go index 3cb937d..07e6d02 100644 --- a/server/server.go +++ b/server/server.go @@ -18,7 +18,10 @@ import ( "github.com/rs/cors" ) -const defaultPort = "8080" +const ( + defaultPort = "8080" + apiKeyHeader = "X-API-Key" +) func main() { ctx := context.Background() @@ -66,7 +69,15 @@ func main() { gqlResolvers := graph.Resolver{DB: db} srv := handler.NewDefaultServer(graph.NewExecutableSchema(graph.Config{Resolvers: &gqlResolvers})) - router.Handle("/api", srv) + router.With(func(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Header.Get(apiKeyHeader) != os.Getenv("API_KEY") { + http.Error(w, "Invalid API Key", http.StatusUnauthorized) + return + } + h.ServeHTTP(w, r) + }) + }).Handle("/api", srv) router.Handle("/", playground.Handler("GraphQL playground", "/api"))