Make deleting fail if no/invalid token

author: Julian Hurst <julian.hurst@digdash.com> 2025-01-23 14:50:48 +0100
committer: Julian Hurst <julian.hurst@digdash.com> 2025-01-23 14:50:48 +0100
commit: bd0126d3f0a56701b14ecea06321b04b73870890 (patch)
tree: cb583c45cfb7d31d2b9dbf5c1ae045a5f1eeab8c
parent: 0af48813e74af53cc0b9c93400a78c19e7aacb2f (diff)
download: box-bd0126d3f0a56701b14ecea06321b04b73870890.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/main.go b/main.go
index f79a111..56445a9 100644
--- a/main.go
+++ b/main.go
@@ -57,6 +57,12 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
+		token := r.Header.Get("X-Token")
+		if token != handler.token {
+			log.Println("unauthorized")
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
 		resourceId := path.Base(r.URL.Path)
 		filename := filepath.Join(handler.filesPath, resourceId)
 		err := os.Remove(filename)
author	Julian Hurst <julian.hurst@digdash.com>	2025-01-23 14:50:48 +0100
committer	Julian Hurst <julian.hurst@digdash.com>	2025-01-23 14:50:48 +0100
commit	bd0126d3f0a56701b14ecea06321b04b73870890 (patch)
tree	cb583c45cfb7d31d2b9dbf5c1ae045a5f1eeab8c
parent	0af48813e74af53cc0b9c93400a78c19e7aacb2f (diff)
download	box-bd0126d3f0a56701b14ecea06321b04b73870890.tar.gz