forked from baron/baron-sso
59 lines
1.3 KiB
Go
59 lines
1.3 KiB
Go
package handler
|
|
|
|
import (
|
|
"log/slog"
|
|
"os"
|
|
|
|
"github.com/descope/go-sdk/descope/client"
|
|
"github.com/gofiber/fiber/v2"
|
|
)
|
|
|
|
type AdminHandler struct {
|
|
DescopeClient *client.DescopeClient
|
|
}
|
|
|
|
func NewAdminHandler() *AdminHandler {
|
|
projectID := os.Getenv("DESCOPE_PROJECT_ID")
|
|
managementKey := os.Getenv("DESCOPE_MANAGEMENT_KEY")
|
|
|
|
var descopeClient *client.DescopeClient
|
|
var err error
|
|
|
|
if projectID != "" && managementKey != "" {
|
|
descopeClient, err = client.NewWithConfig(&client.Config{
|
|
ProjectID: projectID,
|
|
ManagementKey: managementKey,
|
|
})
|
|
if err != nil {
|
|
slog.Warn("Failed to initialize Descope Client for Admin", "error", err)
|
|
}
|
|
} else {
|
|
slog.Warn("DESCOPE_PROJECT_ID or DESCOPE_MANAGEMENT_KEY missing. Admin functions will fail.")
|
|
}
|
|
|
|
return &AdminHandler{
|
|
DescopeClient: descopeClient,
|
|
}
|
|
}
|
|
|
|
// checkAuth Helper
|
|
func (h *AdminHandler) checkAuth(c *fiber.Ctx) error {
|
|
adminPass := os.Getenv("ADMIN_PASSWORD")
|
|
if adminPass == "" {
|
|
adminPass = "admin" // Default fallback
|
|
}
|
|
|
|
reqPass := c.Get("X-Admin-Password")
|
|
if reqPass != adminPass {
|
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid Admin Password"})
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (h *AdminHandler) CheckAuth(c *fiber.Ctx) error {
|
|
if err := requireAdmin(c); err != nil {
|
|
return err
|
|
}
|
|
return c.Status(fiber.StatusOK).JSON(fiber.Map{"status": "ok"})
|
|
}
|