cleanup

2026-04-19 16:56:39 +00:00 · 2026-01-15 14:54:33 +01:00
parent 12b38e25da
commit ed5f98da5b
22 changed files with 1511 additions and 1392 deletions
--- a/proxy/internal/auth/methods/pin_auth.go
+++ b/proxy/internal/auth/methods/pin_auth.go
@@ -0,0 +1,33 @@
+package methods
+
+import (
+	"crypto/subtle"
+	"net/http"
+)
+
+const (
+	// DefaultPINHeader is the default header name for PIN authentication
+	DefaultPINHeader = "X-PIN"
+)
+
+// PINConfig holds PIN authentication settings
+type PINConfig struct {
+	PIN    string
+	Header string // Header name (default: "X-PIN")
+}
+
+// Validate checks PIN from the request header
+func (c *PINConfig) Validate(r *http.Request) bool {
+	header := c.Header
+	if header == "" {
+		header = DefaultPINHeader
+	}
+
+	providedPIN := r.Header.Get(header)
+	if providedPIN == "" {
+		return false
+	}
+
+	// Use constant-time comparison to prevent timing attacks
+	return subtle.ConstantTimeCompare([]byte(providedPIN), []byte(c.PIN)) == 1
+}