sneak/webhooker
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Source management routes lack authentication middleware #9

New Issue
Closed
opened 2026-03-01 19:07:44 +01:00 by clawbot · 0 comments
clawbot commented 2026-03-01 19:07:44 +01:00
Collaborator
Copy Link

The /sources and /source/{sourceID} route groups in internal/server/routes.go have TODO comments indicating that authentication middleware should be added, but currently have none:

s.router.Route("/sources", func(r chi.Router) {
    // TODO: Add authentication middleware here
    r.Get("/", s.h.HandleSourceList())
    ...
})

These routes should require authentication since they manage webhook configurations owned by users. The Auth() middleware in internal/middleware/middleware.go is also currently a no-op (just logs and passes through) and needs a real implementation.

Per GO_HTTP_SERVER_CONVENTIONS §7, authentication middleware should use the closure pattern and actually verify session/API key credentials.

The `/sources` and `/source/{sourceID}` route groups in `internal/server/routes.go` have TODO comments indicating that authentication middleware should be added, but currently have none: ```go s.router.Route("/sources", func(r chi.Router) { // TODO: Add authentication middleware here r.Get("/", s.h.HandleSourceList()) ... }) ``` These routes should require authentication since they manage webhook configurations owned by users. The `Auth()` middleware in `internal/middleware/middleware.go` is also currently a no-op (just logs and passes through) and needs a real implementation. Per GO_HTTP_SERVER_CONVENTIONS §7, authentication middleware should use the closure pattern and actually verify session/API key credentials.
sneak closed this issue 2026-03-04 01:19:43 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/webhooker#9
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?