Checking for short APIKeys and rejecting

2024-11-10 00:20:02 +00:00 · 2015-02-07 21:01:05 +01:00 · 2015-02-07 21:01:05 +01:00 · ee0fe6e221
commit ee0fe6e221
parent 9c289377df
2 changed files with 5 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 gin-bin
+mondash
--- a/main.go
+++ b/main.go
@ -101,6 +101,10 @@ func main() {

 		dash, err := LoadDashboard(params["dashid"])
 		if err != nil {
+			if len(req.Header.Get("Authorization")) < 10 {
+				http.Error(res, "APIKey is too insecure", http.StatusUnauthorized)
+				return
+			}
 			dash = &Dashboard{APIKey: req.Header.Get("Authorization"), Metrics: DashboardMetrics{}, DashboardID: params["dashid"]}
 		}