fix: INVITE USER

internal/middleware/adminsecretcheck_middleware.go

@@ -16,17 +16,17 @@ func NewAdminSecretCheckMiddleware(conf model.NhSystemConfigModel) *AdminSecretC
 
 func (m *AdminSecretCheckMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if key, err := m.conf.GetAdminSecret(r.Context()); err != nil {
+		key, err := m.conf.GetAdminSecret(r.Context())
+		if err != nil {
 			if !errors.Is(err, model.ErrNotFound) {
 				http.Error(w, "system error", http.StatusInternalServerError)
 				return
 			}
-		} else {
-			apiKey := r.Header.Get("x-admin-secret")
-			if apiKey != key {
-				http.Error(w, "Invalid API key", http.StatusUnauthorized)
-				return
-			}
+		}
+		apiKey := r.Header.Get("x-admin-secret")
+		if apiKey == "" || apiKey != key {
+			http.Error(w, "Invalid API key", http.StatusUnauthorized)
+			return
 		}
 		next(w, r)
 	}

internal/middleware/apikeycheck_middleware.go

@@ -16,17 +16,17 @@ func NewApiKeyCheckMiddleware(conf model.NhSystemConfigModel) *ApiKeyCheckMiddle
 
 func (m *ApiKeyCheckMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if key, err := m.conf.GetCarvApiKey(r.Context()); err != nil {
+		key, err := m.conf.GetCarvApiKey(r.Context())
+		if err != nil {
 			if !errors.Is(err, model.ErrNotFound) {
 				http.Error(w, "system error", http.StatusInternalServerError)
 				return
 			}
-		} else {
-			apiKey := r.Header.Get("x-api-key")
-			if apiKey != key {
-				http.Error(w, "Invalid API key", http.StatusUnauthorized)
-				return
-			}
+		}
+		apiKey := r.Header.Get("x-api-key")
+		if apiKey == "" || apiKey != key {
+			http.Error(w, "Invalid API key", http.StatusUnauthorized)
+			return
 		}
 
 		next(w, r)