Restricting the API access to logged in admins. Only admin log in is publicly accessible.

lib/beet_round_server_web/admin_auth.ex

@@ -89,6 +89,18 @@ defmodule BeetRoundServerWeb.AdminAuth do
     end
   end
 
+  def fetch_api_admin(conn, _opts) do
+    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
+         {:ok, admin} <- Admins.fetch_admin_by_api_token(token) do
+      assign(conn, :current_admin, admin)
+    else
+      _ ->
+        conn
+        |> send_resp(:unauthorized, "No access for you!")
+        |> halt()
+    end
+  end
+
   # Reissue the session token if it is older than the configured reissue age.
   defp maybe_reissue_admin_session_token(conn, admin, token_inserted_at) do
     token_age = DateTime.diff(DateTime.utc_now(:second), token_inserted_at, :day)