thread-master/backend/internal/middleware/workersecret_middleware.go

package middleware

import (
	"crypto/subtle"
	"net/http"
	"strings"

	"haixun-backend/internal/config"
	app "haixun-backend/internal/library/errors"
	"haixun-backend/internal/library/errors/code"
	"haixun-backend/internal/response"
)

const WorkerSecretHeader = "X-Worker-Secret"

// WorkerSecretMiddleware enforces X-Worker-Secret on internal worker routes.
// The secret is REQUIRED: when InternalWorker.Secret is empty the middleware
// rejects every request (fail closed) instead of passing through, so the
// internal worker endpoints can never be exposed unauthenticated.
type WorkerSecretMiddleware struct {
	cfg config.InternalWorkerConf
}

func NewWorkerSecretMiddleware(cfg config.InternalWorkerConf) *WorkerSecretMiddleware {
	return &WorkerSecretMiddleware{cfg: cfg}
}

func (m *WorkerSecretMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		secret := strings.TrimSpace(m.cfg.Secret)
		if secret == "" {
			response.Write(r.Context(), w, nil, app.For(code.Auth).AuthForbidden("internal worker secret is not configured"))
			return
		}
		provided := r.Header.Get(WorkerSecretHeader)
		if subtle.ConstantTimeCompare([]byte(provided), []byte(secret)) != 1 {
			response.Write(r.Context(), w, nil, app.For(code.Auth).AuthUnauthorized("invalid worker secret"))
			return
		}
		next(w, r)
	}
}
first commit 2026-06-26 08:37:04 +00:00			`package middleware`

			`import (`
fix2 2026-06-26 16:02:06 +00:00			`"crypto/subtle"`
first commit 2026-06-26 08:37:04 +00:00			`"net/http"`
			`"strings"`

			`"haixun-backend/internal/config"`
			`app "haixun-backend/internal/library/errors"`
			`"haixun-backend/internal/library/errors/code"`
			`"haixun-backend/internal/response"`
			`)`

			`const WorkerSecretHeader = "X-Worker-Secret"`

fix2 2026-06-26 16:02:06 +00:00			`// WorkerSecretMiddleware enforces X-Worker-Secret on internal worker routes.`
			`// The secret is REQUIRED: when InternalWorker.Secret is empty the middleware`
			`// rejects every request (fail closed) instead of passing through, so the`
			`// internal worker endpoints can never be exposed unauthenticated.`
first commit 2026-06-26 08:37:04 +00:00			`type WorkerSecretMiddleware struct {`
			`cfg config.InternalWorkerConf`
			`}`

			`func NewWorkerSecretMiddleware(cfg config.InternalWorkerConf) *WorkerSecretMiddleware {`
			`return &WorkerSecretMiddleware{cfg: cfg}`
			`}`

			`func (m *WorkerSecretMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`secret := strings.TrimSpace(m.cfg.Secret)`
fix2 2026-06-26 16:02:06 +00:00			`if secret == "" {`
			`response.Write(r.Context(), w, nil, app.For(code.Auth).AuthForbidden("internal worker secret is not configured"))`
			`return`
			`}`
			`provided := r.Header.Get(WorkerSecretHeader)`
			`if subtle.ConstantTimeCompare([]byte(provided), []byte(secret)) != 1 {`
first commit 2026-06-26 08:37:04 +00:00			`response.Write(r.Context(), w, nil, app.For(code.Auth).AuthUnauthorized("invalid worker secret"))`
			`return`
			`}`
			`next(w, r)`
			`}`
			`}`