Major refactor to library

pkg/handlers/middleware.go

@@ -0,0 +1,71 @@
+package handlers
+
+import "net/http"
+
+// Auth is the middleware that wraps handlers with authentication
+func (h *Handlers) Auth(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// If auth is disabled
+		if h.authConfig.Disabled {
+			next(w, r)
+			return
+		}
+
+		// If custom validator is provided
+		if h.authConfig.Validator != nil {
+			if h.authConfig.Validator(r) {
+				next(w, r)
+				return
+			}
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			return
+		}
+
+		// Built-in auth logic (API key, basic auth)
+		if h.validateBuiltinAuth(r) {
+			next(w, r)
+			return
+		}
+
+		w.Header().Set("WWW-Authenticate", `Basic realm="WhatsHooked"`)
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+	}
+}
+
+// validateBuiltinAuth checks API key or basic auth
+func (h *Handlers) validateBuiltinAuth(r *http.Request) bool {
+	// Check if any authentication is configured
+	hasAuth := h.authConfig.APIKey != "" || h.authConfig.Username != "" || h.authConfig.Password != ""
+	if !hasAuth {
+		// No authentication configured, allow access
+		return true
+	}
+
+	// Check for API key authentication (x-api-key header or Authorization bearer token)
+	if h.authConfig.APIKey != "" {
+		// Check x-api-key header
+		apiKey := r.Header.Get("x-api-key")
+		if apiKey == h.authConfig.APIKey {
+			return true
+		}
+
+		// Check Authorization header for bearer token
+		authHeader := r.Header.Get("Authorization")
+		if len(authHeader) > 7 && authHeader[:7] == "Bearer " {
+			token := authHeader[7:]
+			if token == h.authConfig.APIKey {
+				return true
+			}
+		}
+	}
+
+	// Check for username/password authentication (HTTP Basic Auth)
+	if h.authConfig.Username != "" && h.authConfig.Password != "" {
+		username, password, ok := r.BasicAuth()
+		if ok && username == h.authConfig.Username && password == h.authConfig.Password {
+			return true
+		}
+	}
+
+	return false
+}