diff --git a/cmd/adminapi/main.go b/cmd/adminapi/main.go
index 0207c8ed1..5ab5801d9 100644
--- a/cmd/adminapi/main.go
+++ b/cmd/adminapi/main.go
@@ -130,26 +130,31 @@ func realMain(ctx context.Context) error {
 return fmt.Errorf("failed to create renderer: %w", err)
 }
- r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
-
- // Setup API auth
- requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
- database.APIUserTypeAdmin,
- })
-
- // Install the APIKey Auth Middleware
- r.Use(requireAPIKey)
+ // Install the rate limiting first. In this case, we want to limit by key
+ // first to reduce the chance of a database lookup.
 r.Use(rateLimit)
- issueapiController, err := issueapi.New(ctx, config, db, h)
- if err != nil {
- return fmt.Errorf("issueapi.New: %w", err)
+ r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
+ {
+ sub := r.PathPrefix("/api").Subrouter()
+
+ // Setup API auth
+ requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
+ database.APIUserTypeDevice,
+ })
+ // Install the APIKey Auth Middleware
+ sub.Use(requireAPIKey)
+
+ issueapiController, err := issueapi.New(ctx, config, db, h)
+ if err != nil {
+ return fmt.Errorf("issueapi.New: %w", err)
+ }
+ sub.Handle("/issue", issueapiController.HandleIssue()).Methods("POST")
+
+ codeStatusController := codestatus.NewAPI(ctx, config, db, h)
+ sub.Handle("/checkcodestatus", codeStatusController.HandleCheckCodeStatus()).Methods("POST")
+ sub.Handle("/expirecode", codeStatusController.HandleExpireAPI()).Methods("POST")
 }
- r.Handle("/api/issue", issueapiController.HandleIssue()).Methods("POST")
-
- codeStatusController := codestatus.NewAPI(ctx, config, db, h)
- r.Handle("/api/checkcodestatus", codeStatusController.HandleCheckCodeStatus()).Methods("POST")
- r.Handle("/api/expirecode", codeStatusController.HandleExpireAPI()).Methods("POST")
 srv, err := server.New(config.Port)
 if err != nil {
diff --git a/cmd/apiserver/main.go b/cmd/apiserver/main.go
index 83a0426f5..df16d33d8 100644
--- a/cmd/apiserver/main.go
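Review bot: The allow-list passed to `middleware.RequireAPIKey` for the new `/api` subrouter in cmd/adminapi is `database.APIUserTypeDevice`, where the removed lines used `database.APIUserTypeAdmin`. As written, device-type keys would be accepted on `/api/issue`, `/api/checkcodestatus` and `/api/expirecode`, and admin keys would presumably be rejected. The block matches the one in the cmd/apiserver hunk, so this looks like a copy that was not adjusted; unless the change of key type is intended, keep `database.APIUserTypeAdmin,` here. A test that presents a device key to the admin server and expects it to be refused would catch a recurrence. realMain starts and ends outside the hunk.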
+++ b/cmd/apiserver/main.go 
@@ -143,37 +143,40 @@ func realMain(ctx context.Context) error {
 return fmt.Errorf("failed to create renderer: %w", err)
 }
- r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
-
- // Setup API auth
- requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
- database.APIUserTypeDevice,
- })
-
 // Install the rate limiting first. In this case, we want to limit by key
 // first to reduce the chance of a database lookup.
 r.Use(rateLimit)
- // Install the APIKey Auth Middleware
- r.Use(requireAPIKey)
-
- // POST /api/verify
- verifyChaff := chaff.New()
- defer verifyChaff.Close()
- verifyapiController, err := verifyapi.New(ctx, config, db, h, tokenSigner)
- if err != nil {
- return fmt.Errorf("failed to create verify api controller: %w", err)
- }
- r.Handle("/api/verify", handleChaff(verifyChaff, verifyapiController.HandleVerify())).Methods("POST")
+ r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
- // POST /api/certificate
- certChaff := chaff.New()
- defer certChaff.Close()
- certapiController, err := certapi.New(ctx, config, db, h, certificateSigner)
- if err != nil {
- return fmt.Errorf("failed to create certapi controller: %w", err)
+ {
+ sub := r.PathPrefix("/api").Subrouter()
+
+ // Setup API auth
+ requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
+ database.APIUserTypeDevice,
+ })
+ // Install the APIKey Auth Middleware
+ sub.Use(requireAPIKey)
+
+ // POST /api/verify
+ verifyChaff := chaff.New()
+ defer verifyChaff.Close()
+ verifyapiController, err := verifyapi.New(ctx, config, db, h, tokenSigner)
+ if err != nil {
+ return fmt.Errorf("failed to create verify api controller: %w", err)
+ }
+ sub.Handle("/verify", handleChaff(verifyChaff, verifyapiController.HandleVerify())).Methods("POST")
+
+ // POST /api/certificate
+ certChaff := chaff.New()
+ defer certChaff.Close()
+ certapiController, err := certapi.New(ctx, config, db, h, certificateSigner)
+ if err != nil {
+ return fmt.Errorf("failed to create certapi controller: %w", err)
+ }
+ sub.Handle("/certificate", handleChaff(certChaff, certapiController.HandleCertificate())).Methods("POST")
 }
- r.Handle("/api/certificate", handleChaff(certChaff, certapiController.HandleCertificate())).Methods("POST")
 srv, err := server.New(config.Port)
 if err != nil {
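Review bot: `/health` is now registered on the root router, outside the `/api` subrouter that carries `requireAPIKey`, so it is reachable without a key and only `rateLimit` stands in front of it. `HandleHealthz` receives `&config.Database`, which suggests each call may touch the database. If so, confirm the limiter has a sensible fallback for requests that carry no API key (the comment says it limits by key), so anonymous callers cannot drive database load and load-balancer probes are not throttled. The same applies to the cmd/adminapi hunk. A comment above the route such as `// /health is intentionally unauthenticated; only rateLimit applies.` would record the intent; realMain starts and ends outside the hunk.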