Add JWT authortization verification

go.mod

@@ -4,6 +4,7 @@ go 1.15
 
 require (
 	github.com/go-shiori/dom v0.0.0-20210627111528-4e4722cd0d65
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/sirupsen/logrus v1.8.1

go.sum

@@ -9,6 +9,8 @@ github.com/go-shiori/dom v0.0.0-20210627111528-4e4722cd0d65 h1:zx4B0AiwqKDQq+Agq
 github.com/go-shiori/dom v0.0.0-20210627111528-4e4722cd0d65/go.mod h1:NPO1+buE6TYOWhUI98/hXLHHJhunIpXRuvDN4xjkCoE=
 github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28 h1:gBeyun7mySAKWg7Fb0GOcv0upX9bdaZScs8QcRo8mEY=
 github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=

main.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/go-shiori/dom"
 	"github.com/omnivore-app/go-domdistiller/distiller"
+	"github.com/golang-jwt/jwt"
 )
 
 func main() {
@@ -31,17 +32,39 @@ func main() {
 }
 
 func handler(w http.ResponseWriter, r *http.Request) {
+	// decode JWT token and check if it's valid
+	token, err := jwt.Parse(r.Header.Get("Authorization"), func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(os.Getenv("JWT_SECRET")), nil
+	})
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprint(w, "Unauthorized")
+		return
+	}
+	if !token.Valid {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprint(w, "Unauthorized")
+		return
+	}
+
 	// Parse request body
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
-		fmt.Println("Failed to read request body:", err)
+		log.Println("Failed to read request body:", err)
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprint(w, "Failed to read request body")
 		return
 	}
 
 	// Apply distiller
 	result, err := distiller.ApplyForReader(strings.NewReader(string(body)), nil)
 	if err != nil {
 		fmt.Println("Failed to apply distiller:", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		fmt.Fprint(w, "Failed to apply distiller")
 		return
 	}