More fixes

2026-04-15 21:02:13 +02:00 · 2026-04-15 21:02:13 +02:00 · 20f37abbfd
commit 20f37abbfd
parent c8300f5978
5 changed files with 65 additions and 41 deletions
--- a/server/src/web/router.gleam
+++ b/server/src/web/router.gleam
@ -7,6 +7,7 @@ import gleam/http
 import gleam/int
 import gleam/list
 import gleam/otp/actor.{type Started}
+import gleam/string
 import shared/message.{type RoomControl, type StateControl}
 import web/handlers/serve.{html_404}
 import wisp.{type Request, type Response}
@ -49,14 +50,22 @@ fn handle_api(

  case list.key_find(req.headers, "x-api-key") {
    Ok(key) -> {
+      echo "key" <> key
+      echo "enc key "
+        <> string.lowercase(
+          bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>)),
+        )
+      echo "sha" <> sha_api_key
      case
-        bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>))
-        == sha_api_key
+        string.lowercase(
+          bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>)),
+        )
+        == string.lowercase(sha_api_key)
      {
        True ->
          case path {
-            ["api", "room"] -> handle_room(room_handler, req, json)
-            ["api", ..path] -> handle_admin_api(state_handler, req, path, json)
+            ["room"] -> handle_room(room_handler, req, json)
+            [..path] -> handle_admin_api(state_handler, req, path, json)
            _ -> #(404, "bad api path", "Resource not found")
          }
        False -> {
@ -77,29 +86,13 @@ fn handle_admin_api(
  path: List(String),
  json: dynamic.Dynamic,
 ) {
-  case list.key_find(req.headers, "x-api-key") {
-    Ok(key) -> {
-      case
-        bit_array.base64_encode(crypto.hash(crypto.Sha256, <<key:utf8>>), True)
-        == "1nIr1fQzs0K9UZAeUcG/67n12iRiviIS6gO5WXyI2+0="
-      {
-        True ->
-          case req.method, path {
-            http.Post, ["info"] -> decode_info(actor, json)
-            http.Post, ["questions"] ->
-              decode_index_to_text(actor, json, message.SetQuestion)
-            http.Post, ["answers"] ->
-              decode_index_to_text(actor, json, message.SetAnswer)
-            _, _ -> #(404, "bad api path", "Resource not found")
-          }
-        False -> {
-          #(401, "invalid api key", "unauthorized")
-        }
-      }
-    }
-    Error(_) -> {
-      #(401, "missing api key", "unauthorized")
-    }
+  case req.method, path {
+    http.Post, ["info"] -> decode_info(actor, json)
+    http.Post, ["questions"] ->
+      decode_index_to_text(actor, json, message.SetQuestion)
+    http.Post, ["answers"] ->
+      decode_index_to_text(actor, json, message.SetAnswer)
+    _, _ -> #(404, "bad api path", "Resource not found")
  }
 }