From bd0126d3f0a56701b14ecea06321b04b73870890 Mon Sep 17 00:00:00 2001
From: Julian Hurst <julian.hurst@digdash.com>
Date: Thu, 23 Jan 2025 14:50:48 +0100
Subject: Make deleting fail if no/invalid token

---
 main.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/main.go b/main.go
index f79a111..56445a9 100644
--- a/main.go
+++ b/main.go
@@ -57,6 +57,12 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
+		token := r.Header.Get("X-Token")
+		if token != handler.token {
+			log.Println("unauthorized")
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
 		resourceId := path.Base(r.URL.Path)
 		filename := filepath.Join(handler.filesPath, resourceId)
 		err := os.Remove(filename)
-- 
cgit v1.2.3