Add super admin validation

Resolves #24

server/constants/env.go

@@ -10,6 +10,7 @@ import (
 )
 
 var (
+	YAUTH_ADMIN_SECRET   = ""
 	ENV                  = ""
 	DB_TYPE              = ""
 	DB_URL               = ""
@@ -38,7 +39,7 @@ func init() {
 	if err != nil {
 		log.Println("Error loading .env file")
 	}
-
+	YAUTH_ADMIN_SECRET = os.Getenv("YAUTH_ADMIN_SECRET")
 	ENV = os.Getenv("ENV")
 	DB_TYPE = os.Getenv("DB_TYPE")
 	DB_URL = os.Getenv("DB_URL")
@@ -60,6 +61,10 @@ func init() {
 	// FACEBOOK_CLIENT_ID = os.Getenv("FACEBOOK_CLIENT_ID")
 	// FACEBOOK_CLIENT_SECRET = os.Getenv("FACEBOOK_CLIENT_SECRET")
 
+	if YAUTH_ADMIN_SECRET == "" {
+		panic("Yauth admin secret is required")
+	}
+
 	if ENV == "" {
 		ENV = "production"
 	}

server/resolvers/users.go

@@ -6,10 +6,20 @@ import (
 
 	"github.com/yauthdev/yauth/server/db"
 	"github.com/yauthdev/yauth/server/graph/model"
+	"github.com/yauthdev/yauth/server/utils"
 )
 
 func Users(ctx context.Context) ([]*model.User, error) {
+	gc, err := utils.GinContextFromContext(ctx)
 	var res []*model.User
+	if err != nil {
+		return res, err
+	}
+
+	if !utils.IsSuperAdmin(gc) {
+		return res, fmt.Errorf("unauthorized")
+	}
+
 	users, err := db.Mgr.GetUsers()
 	if err != nil {
 		return res, err

server/utils/validateSuperAdmin.go

@@ -0,0 +1,15 @@
+package utils
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/yauthdev/yauth/server/constants"
+)
+
+func IsSuperAdmin(gc *gin.Context) bool {
+	secret := gc.Request.Header.Get("x-yauth-admin-secret")
+	if secret == "" {
+		return false
+	}
+
+	return secret == constants.YAUTH_ADMIN_SECRET
+}