Defer multi-delete authorization to handler

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-06-04 04:26:46 +00:00 · 2026-05-16 10:24:32 +02:00
parent 654a505c0d
commit e928ebca15
3 changed files with 144 additions and 8 deletions
--- a/auth/action.go
+++ b/auth/action.go
@@ -30,6 +30,17 @@ type RequestTarget struct {
 	Prefix string
 }

+func RequiresHandlerAuthorization(r *http.Request) bool {
+	if r == nil || r.URL == nil {
+		return false
+	}
+	if r.Method == http.MethodPost {
+		_, isDelete := r.URL.Query()["delete"]
+		return isDelete
+	}
+	return false
+}
+
 func resolveTarget(r *http.Request) RequestTarget {
 	path := strings.TrimPrefix(r.URL.Path, "/")
 	if path == "" {
--- a/auth/service.go
+++ b/auth/service.go
@@ -188,6 +188,13 @@ func (s *Service) AuthenticateRequest(r *http.Request) (RequestContext, error) {
 			AuthType:      authType,
 		}, nil
 	}
+	if RequiresHandlerAuthorization(r) {
+		return RequestContext{
+			Authenticated: true,
+			AccessKeyID:   identity.AccessKeyID,
+			AuthType:      authType,
+		}, nil
+	}

 	policy, err := s.store.GetAuthPolicy(identity.AccessKeyID)
 	if err != nil {