package main import ( "net/http" "github.com/pkg/errors" "github.com/Luzifer/go_helpers/v2/str" "github.com/Luzifer/twitch-bot/twitch" ) func getAuthorizationFromRequest(r *http.Request) (string, *twitch.Client, error) { token := r.Header.Get("Authorization") if token == "" { return "", nil, errors.New("no authorization provided") } tc := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, token) user, err := tc.GetAuthorizedUsername() return user, tc, errors.Wrap(err, "getting authorized user") } func botEditorAuthMiddleware(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { user, tc, err := getAuthorizationFromRequest(r) if err != nil { http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusForbidden) return } id, err := tc.GetIDForUsername(user) if err != nil { http.Error(w, errors.Wrap(err, "getting ID for authorized user").Error(), http.StatusForbidden) return } if !str.StringInSlice(user, config.BotEditors) && !str.StringInSlice(id, config.BotEditors) { http.Error(w, "user is not authorized", http.StatusForbidden) return } h.ServeHTTP(w, r) }) }