Initial commit

src/main/java/com/noblelift/ota/config/AgentTokenAuthenticator.java

@@ -0,0 +1,52 @@
+package com.noblelift.ota.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ResponseStatusException;
+
+@Component
+public class AgentTokenAuthenticator {
+
+    private static final String TOKEN_HEADER = "X-OTA-TOKEN";
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+    private static final String BEARER_PREFIX = "Bearer ";
+
+    private final OtaProperties otaProperties;
+
+    public AgentTokenAuthenticator(OtaProperties otaProperties) {
+        this.otaProperties = otaProperties;
+    }
+
+    public void verify(HttpServletRequest request) {
+        String expectedToken = trimToNull(otaProperties.getAuthToken());
+        if (expectedToken == null) {
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "OTA agent token is not configured");
+        }
+
+        String providedToken = extractToken(request);
+        if (!expectedToken.equals(providedToken)) {
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid OTA agent token");
+        }
+    }
+
+    private String extractToken(HttpServletRequest request) {
+        String token = trimToNull(request.getHeader(TOKEN_HEADER));
+        if (token != null) {
+            return token;
+        }
+        String authorization = trimToNull(request.getHeader(AUTHORIZATION_HEADER));
+        if (authorization != null && authorization.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
+            return trimToNull(authorization.substring(BEARER_PREFIX.length()));
+        }
+        return null;
+    }
+
+    private String trimToNull(String value) {
+        if (value == null) {
+            return null;
+        }
+        String trimmed = value.trim();
+        return trimmed.isEmpty() ? null : trimmed;
+    }
+}