Protect monitoring TG API with internal key

Grendgi
2026-06-12 16:32:10 +03:00
parent 1f1354e72b
commit 778b48cc12
2 changed files with 18 additions and 0 deletions


@@ -50,6 +50,7 @@ type config struct {
LLMTimeout time.Duration LLMTimeout time.Duration
AIServiceURL string AIServiceURL string
AIServiceToken string AIServiceToken string
InternalAPIKey string
MinioEndpoint string MinioEndpoint string
MinioAccessKey string MinioAccessKey string
MinioSecretKey string MinioSecretKey string
@@ -191,6 +192,9 @@ func (a *app) serveHTTP(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusNotFound, "not found") writeError(w, http.StatusNotFound, "not found")
return return
} }
if !a.checkInternalAuth(w, r) {
return
}
ctx := r.Context() ctx := r.Context()
switch { switch {
@@ -227,6 +231,18 @@ func (a *app) serveHTTP(w http.ResponseWriter, r *http.Request) {
} }
} }
func (a *app) checkInternalAuth(w http.ResponseWriter, r *http.Request) bool {
want := strings.TrimSpace(a.cfg.InternalAPIKey)
if want == "" {
return true
}
if r.Header.Get("X-Internal-Key") != want {
writeError(w, http.StatusUnauthorized, "unauthorized")
return false
}
return true
}
func (a *app) apiPath(path string) string { func (a *app) apiPath(path string) string {
base := strings.TrimRight(a.cfg.PublicBasePath, "/") base := strings.TrimRight(a.cfg.PublicBasePath, "/")
if base != "" && strings.HasPrefix(path, base+"/") { if base != "" && strings.HasPrefix(path, base+"/") {
@@ -1873,6 +1889,7 @@ func loadConfig() config {
LLMTimeout: time.Duration(envInt("LLM_TIMEOUT_SECONDS", 120)) * time.Second, LLMTimeout: time.Duration(envInt("LLM_TIMEOUT_SECONDS", 120)) * time.Second,
AIServiceURL: env("AI_SERVICE_URL", ""), AIServiceURL: env("AI_SERVICE_URL", ""),
AIServiceToken: env("AI_SERVICE_TOKEN", ""), AIServiceToken: env("AI_SERVICE_TOKEN", ""),
InternalAPIKey: env("INTERNAL_API_KEY", env("PORTAL_INTERNAL_API_KEY", "")),
MinioEndpoint: env("MINIO_ENDPOINT", ""), MinioEndpoint: env("MINIO_ENDPOINT", ""),
MinioAccessKey: env("MINIO_ACCESS_KEY", ""), MinioAccessKey: env("MINIO_ACCESS_KEY", ""),
MinioSecretKey: env("MINIO_SECRET_KEY", ""), MinioSecretKey: env("MINIO_SECRET_KEY", ""),
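Review bot: checkInternalAuth (third hunk) fails open: when `InternalAPIKey` is empty after trimming it returns true, so a deployment where neither `INTERNAL_API_KEY` nor `PORTAL_INTERNAL_API_KEY` is set serves the API with no authentication and no signal that the guard is off. If an unauthenticated mode is intended for local use, make it explicit (a separate opt-out setting, or at least a startup warning in loadConfig); otherwise reject with `writeError(w, http.StatusServiceUnavailable, "internal key not configured")` followed by `return false`. The header comparison also uses `!=`, which is not constant-time; `subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Internal-Key")), []byte(want)) != 1` from `crypto/subtle` removes the timing signal (the file's import block is not visible here, so the import may need adding). A doc comment such as `// checkInternalAuth reports whether r carries the configured X-Internal-Key; it writes a 401 and returns false otherwise.` would also record the contract, including the empty-key behaviour.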


@@ -10,6 +10,7 @@ stringData:
TG_PHONE: "+971524994695" TG_PHONE: "+971524994695"
TG_SESSION_STRING: "" TG_SESSION_STRING: ""
POSTGRES_PASSWORD: "parser" POSTGRES_PASSWORD: "parser"
INTERNAL_API_KEY: "36fe89ed40c01fdc54d3cf4e3fcacc8751dc456a4a1acd394e9fed48257c5734"
AI_SERVICE_TOKEN: "d18bcacf9e02bae1806ee6b6eeda62b95be6a915c0a22936d9a700128b275442" AI_SERVICE_TOKEN: "d18bcacf9e02bae1806ee6b6eeda62b95be6a915c0a22936d9a700128b275442"
MINIO_ACCESS_KEY: "admjn" MINIO_ACCESS_KEY: "admjn"
MINIO_SECRET_KEY: "TropicalMacaw9Fantasize" MINIO_SECRET_KEY: "TropicalMacaw9Fantasize"
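Review bot: The added `INTERNAL_API_KEY` line commits the key value in plaintext under `stringData`, so anyone with read access to the repository or its history can present a valid `X-Internal-Key` header. Treat the committed value as exposed: rotate it and keep only a placeholder in the manifest, e.g. `INTERNAL_API_KEY: ""` as is already done for `TG_SESSION_STRING`, with the real value injected at deploy time from a secret store or an encrypted-secret mechanism. Because an empty key currently makes checkInternalAuth return true, the deploy step should fail when the value is missing rather than apply the placeholder. The neighbouring context lines (`AI_SERVICE_TOKEN`, `MINIO_SECRET_KEY`, `POSTGRES_PASSWORD`) appear to have the same problem, although they are not part of this change.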