add API JWT auth.

internal/api/router.go

@@ -2,10 +2,12 @@ package api
 
 import (
 	"github.com/go-chi/chi"
+	"github.com/go-chi/jwtauth"
 	
 	"demodesk/neko/internal/api/member"
 	"demodesk/neko/internal/api/room"
 	"demodesk/neko/internal/types"
+	"demodesk/neko/internal/types/config"
 )
 
 type API struct {
@@ -15,13 +17,18 @@ type API struct {
 	websocket  types.WebSocketHandler
 }
 
+var AdminToken *jwtauth.JWTAuth
+var UserToken *jwtauth.JWTAuth
+
 func New(
 	sessions types.SessionManager,
 	remote types.RemoteManager,
 	broadcast types.BroadcastManager,
 	websocket types.WebSocketHandler,
+	conf *config.Server,
 ) *API {
-	// Init
+	AdminToken = jwtauth.New("HS256", []byte(conf.AdminToken), nil)
+	UserToken = jwtauth.New("HS256", []byte(conf.UserToken), nil)
 
 	return &API{
 		sessions:   sessions,
@@ -31,12 +38,35 @@ func New(
 	}
 }
 
-func (a *API) Mount(router *chi.Mux) {
-	// all member routes
+func (a *API) Mount(r *chi.Mux) {
 	memberHandler := member.New(a.sessions, a.websocket)
-	router.Mount("/member", memberHandler.Router())
+	r.Mount("/member", memberHandler.Router(UsersOnly, AdminsOnly))
 
-	// get room routes
 	roomHandler := room.New(a.sessions, a.remote, a.broadcast, a.websocket)
-	router.Mount("/room", roomHandler.Router())
+	r.Mount("/room", roomHandler.Router(UsersOnly, AdminsOnly))
+}
+
+func UsersOnly(r chi.Router, protectedRoutes func(r chi.Router)) {
+	r.Group(func(r chi.Router) {
+		// Verify JWT tokens
+		r.Use(jwtauth.Verifier(UserToken))
+		r.Use(jwtauth.Verifier(AdminToken))
+
+		// Handle valid / invalid tokens.
+		r.Use(jwtauth.Authenticator)
+
+		protectedRoutes(r)
+	})
+}
+
+func AdminsOnly(r chi.Router, protectedRoutes func(r chi.Router)) {
+	r.Group(func(r chi.Router) {
+		// Verify JWT token
+		r.Use(jwtauth.Verifier(AdminToken))
+
+		// Handle valid / invalid tokens.
+		r.Use(jwtauth.Authenticator)
+
+		protectedRoutes(r)
+	})
 }