fix - signed author for backends logic

Author: ha-sante

server/cmd/progressdb/main.go

@@ -18,12 +18,12 @@ import (
 )
 
 func main() {
-    // build metadata - set via ldflags during build/release
-    var (
-        version   = "dev"
-        commit    = "none"
-        buildDate = "unknown"
-    )
+	// build metadata - set via ldflags during build/release
+	var (
+		version   = "dev"
+		commit    = "none"
+		buildDate = "unknown"
+	)
 	// Parse flags (moved into config package to centralize flag parsing)
 	_ = godotenv.Load(".env")
 	addrVal, dbVal, cfgVal, setFlags := config.ParseCommandFlags()
@@ -108,27 +108,27 @@ func main() {
 	if _, err := config.Load(cfgPath); err == nil {
 		srcs = append(srcs, "config")
 	}
-    // Include version/commit info in the startup banner when present.
-    verStr := version
-    if commit != "none" {
-        verStr = verStr + " (" + commit + ")"
-    }
-    if buildDate != "unknown" {
-        verStr = verStr + " @ " + buildDate
-    }
-    banner.Print(addr, dbPath, strings.Join(srcs, ", "), verStr)
+	// Include version/commit info in the startup banner when present.
+	verStr := version
+	if commit != "none" {
+		verStr = verStr + " (" + commit + ")"
+	}
+	if buildDate != "unknown" {
+		verStr = verStr + " @ " + buildDate
+	}
+	banner.Print(addr, dbPath, strings.Join(srcs, ", "), verStr)
 
 	mux := http.NewServeMux()
 
-    // Serve the web viewer at /viewer/
-    mux.Handle("/viewer/", http.StripPrefix("/viewer/", http.FileServer(http.Dir("./viewer"))))
+	// Serve the web viewer at /viewer/
+	mux.Handle("/viewer/", http.StripPrefix("/viewer/", http.FileServer(http.Dir("./viewer"))))
 
-    // Liveness probe used by deployment systems and CI
-    mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
-        w.Header().Set("Content-Type", "application/json")
-        w.WriteHeader(http.StatusOK)
-        _, _ = w.Write([]byte("{\"status\":\"ok\"}"))
-    })
+	// Liveness probe used by deployment systems and CI
+	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("{\"status\":\"ok\"}"))
+	})
 
 	// API handler (catch-all under /)
 	mux.Handle("/", api.Handler())
@@ -182,7 +182,7 @@ func main() {
 	}
 	config.SetRuntime(rc)
 
-	wrapped := security.NewMiddleware(secCfg)(mux)
+	wrapped := security.AuthenticateRequestMiddleware(secCfg)(mux)
 
 	// TLS support: use values from effective cfg
 	cert := cfg.Server.TLS.CertFile

server/pkg/auth/middleware.go

@@ -14,9 +14,6 @@ import (
 
 type ctxAuthorKey struct{}
 
-// (no exported getter needed; use config.GetSigningKeys and
-// config.GetBackendKeys as the single source of truth)
-
 // RequireSignedAuthor verifies HMAC signature headers and injects the
 // verified author id into the request context.
 func RequireSignedAuthor(next http.Handler) http.Handler {
@@ -26,19 +23,28 @@ func RequireSignedAuthor(next http.Handler) http.Handler {
 		userID := strings.TrimSpace(r.Header.Get("X-User-ID"))
 		sig := strings.TrimSpace(r.Header.Get("X-User-Signature"))
 
-		// Backend/admin callers: allow missing signature but accept header if present.
+		// Backend/admin callers: allow missing signature entirely, or accept
+		// a header-provided author without a signature. If a signature is
+		// present we will verify it below.
 		if role == "backend" || role == "admin" {
-			if userID == "" && sig == "" {
+			if sig == "" {
 				// No signature provided; allow the request through. Handlers may
 				// accept an author from body or X-User-ID header as appropriate.
 				next.ServeHTTP(w, r)
 				return
 			}
-			// If a signature is provided, verify it as usual.
+			// signature present -> fallthrough to verification logic
 		}
 
-		// For frontend or when signature is present, require and verify signature.
-		if userID == "" || sig == "" {
+		// If we reach here and there's no signature, the caller is not a
+		// trusted backend/admin and we must require signature headers.
+		if sig == "" {
+			slog.Warn("missing_signature_headers", "path", r.URL.Path, "remote", r.RemoteAddr)
+			http.Error(w, `{"error":"missing signature headers"}`, http.StatusUnauthorized)
+			return
+		}
+		// signature is present; require userID as well
+		if userID == "" {
 			slog.Warn("missing_signature_headers", "path", r.URL.Path, "remote", r.RemoteAddr)
 			http.Error(w, `{"error":"missing signature headers"}`, http.StatusUnauthorized)
 			return

server/pkg/security/middleware.go

@@ -32,7 +32,7 @@ type SecConfig struct {
 	AllowUnauth    bool
 }
 
-func NewMiddleware(cfg SecConfig) func(http.Handler) http.Handler {
+func AuthenticateRequestMiddleware(cfg SecConfig) func(http.Handler) http.Handler {
 	// Rate limiters keyed by API key or remote IP
 	limiters := &limiterPool{cfg: cfg}
 	return func(next http.Handler) http.Handler {