Implementing middleware to protect specific routes

cmd/api/middleware.go

@@ -0,0 +1,14 @@
+package main
+
+import "net/http"
+
+func (app *application) Auth(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, err := app.authenticateToken(r)
+		if err != nil {
+			app.invalidCredentials(w)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}

cmd/api/routes-api.go

@@ -24,6 +24,13 @@ func (app *application) routes() http.Handler {
 
 	mux.Post("/api/authenticate", app.CreateAuthToken)
 	mux.Post("/api/is-authenticated", app.CheckAuthentication)
+	mux.Route("/api/admin", func(mux chi.Router) {
+		mux.Use(app.Auth)
+
+		mux.Get("/test", func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte("got in"))
+		})
+	})
 
 	return mux
 }