Check download auth

server/file.go

@@ -4,19 +4,40 @@ import (
 	"log/slog"
 	"net/http"
 	"path/filepath"
+
+	"git.lastassault.de/speatzle/morffix/constants"
 )
 
 func handleFile(w http.ResponseWriter, r *http.Request) {
+	if r.Header.Get(constants.SHARED_SECRET_HEADER) != conf.SharedSecret {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
 	id := r.PathValue("id")
 	if id == "" {
 		http.Error(w, "No id", http.StatusBadRequest)
 		return
 	}
-	// TODO check if worker is working on a task involving this file
+
+	// TODO check if task is currently active and not historic
+	var count int
+	err := db.QueryRow(r.Context(), "SELECT COUNT(*) FROM tasks WHERE file_id = $1 AND worker_id = $2", id, r.Header.Get(constants.UUID_HEADER)).Scan(&count)
+	if err != nil {
+		slog.ErrorContext(r.Context(), "Query Task Count", "err", err)
+		http.Error(w, "Error Query Task Count: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	if count < 1 {
+		slog.ErrorContext(r.Context(), "No Running Task for file", "id", id)
+		http.Error(w, "No Running Task for file: "+id, http.StatusBadRequest)
+		return
+	}
 
 	var fpath string
 	var libraryID int
-	err := db.QueryRow(r.Context(), "SELECT path, library_id FROM files WHERE id = $1", id).Scan(&fpath, &libraryID)
+	err = db.QueryRow(r.Context(), "SELECT path, library_id FROM files WHERE id = $1", id).Scan(&fpath, &libraryID)
 	if err != nil {
 		http.Error(w, "Error Getting File Path: "+err.Error(), http.StatusBadRequest)
 		slog.ErrorContext(r.Context(), "Getting File Path", "err", err)

task/download.go

@@ -11,10 +11,13 @@ import (
 	"slices"
 	"time"
 
+	"git.lastassault.de/speatzle/morffix/config"
+	"git.lastassault.de/speatzle/morffix/constants"
 	"git.lastassault.de/speatzle/morffix/types"
+	"github.com/google/uuid"
 )
 
-func downloadFile(ctx context.Context, l *slog.Logger, address string, path string, t *types.Task) error {
+func downloadFile(ctx context.Context, l *slog.Logger, conf config.Config, path string, t *types.Task) error {
 	l.InfoContext(ctx, "Starting File Download", "task_id", t.ID, "file_id", t.FileID, "path", path, "md5", t.FileMD5)
 
 	out, err := os.Create(path)
@@ -23,11 +26,21 @@ func downloadFile(ctx context.Context, l *slog.Logger, address string, path stri
 	}
 	defer out.Close()
 
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%v/files/%v", address, t.FileID), nil)
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%v/files/%v", conf.Worker.Address, t.FileID), nil)
 	if err != nil {
 		return fmt.Errorf("New Request: %w", err)
 	}
 
+	uuid, err := uuid.Parse(conf.Worker.ID)
+	if err != nil {
+		return fmt.Errorf("Cannot Parse ID: %w", err)
+	}
+
+	req.Header.Add(constants.SHARED_SECRET_HEADER, conf.SharedSecret)
+	req.Header.Add(constants.NAME_HEADER, conf.Worker.Name)
+	req.Header.Add(constants.UUID_HEADER, uuid.String())
+	req.Header.Add(constants.WORKER_VERSION_HEADER, constants.WORKER_VERSION)
+
 	req.Close = true
 
 	var client = &http.Client{

task/healthcheck.go

@@ -37,7 +37,7 @@ func RunHealthCheck(conf config.Config, t *types.Task, data types.HealthCheckDat
 		}
 	}()
 
-	err := downloadFile(ctx, l, conf.Worker.Address, path, t)
+	err := downloadFile(ctx, l, conf, path, t)
 	if err != nil {
 		l.ErrorContext(ctx, "File Download Failed", "err", err)
 		return

task/transcode.go

@@ -46,7 +46,7 @@ func RunTranscode(conf config.Config, t *types.Task, data types.TranscodeData) {
 		}
 	}()
 
-	err := downloadFile(ctx, l, conf.Worker.Address, src_path, t)
+	err := downloadFile(ctx, l, conf, src_path, t)
 	if err != nil {
 		l.ErrorContext(ctx, "Source File Download Failed", "err", err)
 		return