feat: implement API key authentication for endpoints #3

Merged
jonasclaes merged 3 commits from dev/add-api-key-middleware into main 2025-08-11 20:34:28 +00:00
jonasclaes commented 2025-08-11 19:54:22 +00:00 (Migrated from github.com)
No description provided.
copilot-pull-request-reviewer[bot] (Migrated from github.com) reviewed 2025-08-11 20:09:12 +00:00
copilot-pull-request-reviewer[bot] (Migrated from github.com) left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

copilot-pull-request-reviewer[bot] (Migrated from github.com) reviewed 2025-08-11 20:29:02 +00:00
copilot-pull-request-reviewer[bot] (Migrated from github.com) left a comment

Pull Request Overview

This PR implements API key authentication for all API endpoints to secure access to the thermal printer service. The authentication is implemented using a middleware approach with proper error handling and configuration support.

  • Adds API key authentication middleware that validates X-Api-Key header against configured value
  • Updates error handling to support custom application errors with specific HTTP status codes
  • Configures API key requirement for all /api routes while keeping health endpoint public

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

| File | Description |
| ---- | ----------- |
| requests.http | Adds API key variable and headers to HTTP test requests |
| pkg/model/app-config.go | Adds ApiKey field to ServerConfig struct |
| pkg/middleware/error-handler.go | Enhances error handling to support custom AppError types |
| pkg/middleware/api-key.go | Implements new API key validation middleware |
| pkg/common/errors.go | Defines AppError interface and InvalidAPIKeyError type |
| pkg/bootstrap/router-bootstrap.go | Applies API key middleware to all `/api` routes |
| config.example.toml | Adds api_key configuration example |
| config.docker.toml | Adds api_key configuration for Docker setup |
| README.md | Documents API key authentication requirements and usage |
@ -0,0 +1,42 @@
package middleware
copilot-pull-request-reviewer[bot] (Migrated from github.com) commented 2025-08-11 20:29:02 +00:00

Consider trimming whitespace from the API key header value to handle potential formatting issues in client requests that could cause authentication failures.

	apiKey := strings.TrimSpace(c.GetHeader("X-Api-Key"))
@ -0,0 +37,4 @@
if apiKey != m.configService.GetServerConfig().ApiKey {
return &common.InvalidAPIKeyError{}
}
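Review bot: the `apiKey != m.configService.GetServerConfig().ApiKey` check uses Go's ordinary string inequality, which is not constant-time, so response timing can reveal how much of a guessed key matches. Compare the two values as byte slices with `subtle.ConstantTimeCompare` from `crypto/subtle` instead, hashing both first if the key length should not be observable either.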
copilot-pull-request-reviewer[bot] (Migrated from github.com) commented 2025-08-11 20:29:01 +00:00

The API key comparison should handle the case where the configured API key is empty. If no API key is configured, all requests would be accepted, which could be a security risk. Consider rejecting requests when the configured API key is empty.

	configuredApiKey := m.configService.GetServerConfig().ApiKey

	if configuredApiKey == "" {
		return &common.InvalidAPIKeyError{}
	}

	if apiKey != configuredApiKey {
		return &common.InvalidAPIKeyError{}
	}
@ -17,7 +20,20 @@ func (m *ErrorHandlerMiddleware) Add() gin.HandlerFunc {
c.Next()
copilot-pull-request-reviewer[bot] (Migrated from github.com) commented 2025-08-11 20:29:01 +00:00

This code will panic if the message string is empty. Add a length check before accessing message[0] and message[1:] to prevent runtime panics.

	if len(message) > 0 {
		message = strings.ToUpper(message[:1]) + message[1:]
	}
jonasclaes (Migrated from github.com) reviewed 2025-08-11 20:32:03 +00:00
@ -0,0 +37,4 @@
if apiKey != m.configService.GetServerConfig().ApiKey {
return &common.InvalidAPIKeyError{}
}
jonasclaes (Migrated from github.com) commented 2025-08-11 20:32:03 +00:00

It's a feature, not a bug. If people want to add no auth, that's fine. For example when it's only available on localhost...
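
The trade-off discussed in this thread, as an added example that is not code from this pull request: a `net/http` stand-in for the Gin middleware in which an empty configured key deliberately leaves the API open, while a non-empty key is checked in constant time. The function names, the `/api/print` path, the sample key and the 401 status are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// keyMatches compares the presented key with the configured one in constant
// time. Hashing first gives equal-length inputs, so length is not leaked either.
func keyMatches(presented, configured string) bool {
	p := sha256.Sum256([]byte(presented))
	c := sha256.Sum256([]byte(configured))
	return subtle.ConstantTimeCompare(p[:], c[:]) == 1
}

// requireAPIKey is a hypothetical stand-in for the PR's middleware. An empty
// configured key disables the check (the opt-out described in the thread);
// otherwise X-Api-Key must match. The 401 status is an assumption.
func requireAPIKey(configured string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if configured != "" && !keyMatches(r.Header.Get("X-Api-Key"), configured) {
			http.Error(w, "invalid API key", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request (sample path and key) through the
// middleware and returns the HTTP status code the client would see.
func statusFor(configured, presented string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/api/print", nil)
	if presented != "" {
		req.Header.Set("X-Api-Key", presented)
	}
	rec := httptest.NewRecorder()
	requireAPIKey(configured, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("s3cret-example", "s3cret-example")) // key set, correct key
	fmt.Println(statusFor("s3cret-example", ""))               // key set, header missing
	fmt.Println(statusFor("", ""))                             // no key configured: open
}
```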

Reference
jonasclaes/go-thermal-printer!3