feat(api): add internal auth

crates/api/src/auth.rs

@@ -7,11 +7,16 @@ pub const INTERNAL_APPID_HEADER: &'static str = "x-pluralkit-appid";
 pub struct AuthState {
     system_id: Option<i32>,
     app_id: Option<i32>,
+    internal: bool,
 }
 
 impl AuthState {
-    pub fn new(system_id: Option<i32>, app_id: Option<i32>) -> Self {
-        Self { system_id, app_id }
+    pub fn new(system_id: Option<i32>, app_id: Option<i32>, internal: bool) -> Self {
+        Self {
+            system_id,
+            app_id,
+            internal,
+        }
     }
 
     pub fn system_id(&self) -> Option<i32> {
@@ -22,6 +27,10 @@ impl AuthState {
         self.app_id
     }
 
+    pub fn internal(&self) -> bool {
+        self.internal
+    }
+
     pub fn access_level_for(&self, a: &impl Authable) -> PrivacyLevel {
         if self
             .system_id

crates/api/src/middleware/auth.rs

@@ -58,8 +58,23 @@ pub async fn auth(State(ctx): State<ApiContext>, mut req: Request, next: Next) -
         authed_app_id = Some(1);
     }
 
+    // todo: fix syntax
+    let internal = if req.headers().get("x-pluralkit-client-ip").is_none()
+        && let Some(auth_header) = req
+            .headers()
+            .get("x-pluralkit-internalauth")
+            .map(|h| h.to_str().ok())
+            .flatten()
+        && let Some(real_token) = libpk::config.internal_auth.clone()
+        && auth_header.as_bytes().ct_eq(real_token.as_bytes()).into()
+    {
+        true
+    } else {
+        false
+    };
+
     req.extensions_mut()
-        .insert(AuthState::new(authed_system_id, authed_app_id));
+        .insert(AuthState::new(authed_system_id, authed_app_id, internal));
 
     next.run(req).await
 }

crates/libpk/src/_config.rs

@@ -128,6 +128,9 @@ pub struct PKConfig {
 
     #[serde(default)]
     pub sentry_url: Option<String>,
+
+    #[serde(default)]
+    pub internal_auth: Option<String>,
 }
 
 impl PKConfig {