From b265b5c7dc55d6acba3f270c7e3d2b88f70ca310 Mon Sep 17 00:00:00 2001 From: Pavel Botsman <11509664+botsman@users.noreply.github.com> Date: Fri, 3 Oct 2025 10:10:34 +0300 Subject: [PATCH] add header auth --- .vscode/launch.json | 7 ++++++- app/run.go | 15 +++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index db8a75b..f5d4d7d 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -16,7 +16,12 @@ "type": "go", "request": "launch", "mode": "debug", - "program": "server/run.go" + "program": "server/run.go", + "env": { + "DATABASE_URL": "mongodb://localhost:27017/tppVerifier", + "AUTH_HEADER_NAME": "X-RapidAPI-Proxy-Secret", + "AUTH_HEADER_VALUE": "secret" + } }, { "name": "Launch Package", diff --git a/app/run.go b/app/run.go index cfa3929..3fda375 100644 --- a/app/run.go +++ b/app/run.go @@ -2,6 +2,7 @@ package app import ( "net/http" + "os" "github.com/gin-gonic/gin" @@ -14,6 +15,20 @@ type HttpClient interface { func SetupRouter(vs *verify.VerifySvc) *gin.Engine { r := gin.Default() + headerName := os.Getenv("AUTH_HEADER_NAME") + headerValue := os.Getenv("AUTH_HEADER_VALUE") + if headerName == "" || headerValue == "" { + panic("AUTH_HEADER_NAME and AUTH_HEADER_VALUE must be set") + } + + r.Use(func(c *gin.Context) { + if c.GetHeader(headerName) != headerValue { + c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Invalid or missing header"}) + return + } + c.Next() + }) + r.POST("/tpp/verify", vs.Verify) r.GET("/health", func(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"status": "ok"})
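Review bot: The added `env` block in .vscode/launch.json commits a value for `AUTH_HEADER_VALUE` to a tracked file. Today it is the placeholder `"secret"`, but keeping the proxy secret here makes it likely that a real value is pasted in later. Consider replacing the three entries with `"envFile": "${workspaceFolder}/.env"` and keeping that file out of version control. The check added to app/run.go in this commit only rejects empty values, so a deployment that reuses this placeholder would start without complaint; the deployed value should be generated separately and never copied from this file.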
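Review bot: The new middleware in SetupRouter checks the shared secret with `c.GetHeader(headerName) != headerValue`, an ordinary string comparison that is not guaranteed to run in constant time. Use `subtle.ConstantTimeCompare([]byte(c.GetHeader(headerName)), []byte(headerValue)) != 1` instead, adding `crypto/subtle` to the import block, so response timing does not depend on how much of the value matched. Also, `r.Use` is called before both routes are registered, so `/health` now returns 403 without the header. If a load balancer or probe calls it unauthenticated, register `/health` ahead of the `r.Use` call or attach the middleware to a route group that holds only `/tpp/verify`. SetupRouter's body continues past the end of the hunk.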