package api import ( "log" "net/http" "time" ) // APIKeyAuth - Middleware fuer API-Key Authentifizierung func APIKeyAuth(validKeys []string, next http.Handler) http.Handler { keySet := make(map[string]bool, len(validKeys)) for _, k := range validKeys { keySet[k] = true } return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { key := r.Header.Get("X-API-Key") // Fallback: Query-Parameter (fuer WebSocket-Verbindungen) if key == "" { key = r.URL.Query().Get("api_key") } if key == "" || !keySet[key] { http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized) return } next.ServeHTTP(w, r) }) } // Logging - Request-Logging Middleware func Logging(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { start := time.Now() next.ServeHTTP(w, r) log.Printf("%s %s %s", r.Method, r.URL.Path, time.Since(start)) }) }