// Tag prepended to every log message emitted by this module so that entries
// can be traced back to the callback API-key check.
const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER';

const crypto = require('crypto');

const config = require('komodo-sdk/config');
const logger = require('tektrans-logger');

/**
 * Reply to a rejected callback with HTTP 403 and a JSON error body.
 *
 * The body deliberately carries only a generic error text, a timestamp and
 * the transaction id; it does not say why the key was refused.
 *
 * @param {*} xid - transaction id echoed back to the caller
 * @param {object} res - Express-style response object
 * @returns {void}
 */
const sendInvalidApikeyResponse = (xid, res) => {
    const forbidden = res.status(403);
    const payload = {
        status: 'NOT-OK',
        error: 'Invalid APIKEY',
        ts: new Date(),
        xid,
    };

    forbidden.json(payload);
};

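// Startup check: warn once, at load time, when no callback API key is
// configured. In that state the middleware exported by this module lets every
// request through, so the warning is the only signal that the callback
// endpoint is running unauthenticated.
//
// The intermediate objects are tested first so that a configuration without a
// `partner` or `partner.callback` section produces this warning instead of a
// TypeError while the module is being required.
if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) {
    logger.warn(`${MODULE_NAME} 56420201: Missing config.partner.callback.apikey. Please consider to set it for security reason`);
}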

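/**
 * Compare a configured API key with the one supplied in the request without
 * revealing, through response timing, how much of the key matched.
 *
 * Both values are hashed with SHA-256 first so the buffers handed to
 * crypto.timingSafeEqual always have the same length (it throws otherwise).
 * The strings are fed to the hash as UTF-16LE so that the result agrees with
 * `===` on the original strings for every possible input.
 *
 * @param {*} expected - key taken from the configuration
 * @param {*} supplied - key taken from the request
 * @returns {boolean} true only when both are strings with identical content
 */
const isSameApikey = (expected, supplied) => {
    if (typeof expected !== 'string' || typeof supplied !== 'string') {
        return false;
    }

    const expectedDigest = crypto.createHash('sha256').update(expected, 'utf16le').digest();
    const suppliedDigest = crypto.createHash('sha256').update(supplied, 'utf16le').digest();

    return crypto.timingSafeEqual(expectedDigest, suppliedDigest);
};

/**
 * Express middleware that authenticates partner callbacks by API key.
 *
 * The key is read from the `apikey` route parameter and accepted when it
 * equals `config.partner.callback.apikey` (a string) or one of its elements
 * (an array of strings). Anything else is logged and answered with 403.
 *
 * @param {object} req - Express request
 * @param {object} res - Express response; `res.locals.xid` is used for tracing
 * @param {Function} next - called only when the request is allowed through
 * @returns {void}
 */
module.exports = (req, res, next) => {
    const configured = config.partner
        && config.partner.callback
        && config.partner.callback.apikey;

    // Fail-open by design: with no key configured the check is disabled and
    // every request passes. The module logs a warning at load time for this
    // case; deployments that need the check must set the key.
    if (!configured) {
        next();
        return;
    }

    const { xid } = res.locals;
    const apikeyFromRequest = req.params.apikey;

    // A single string and a list of strings are handled the same way. Any
    // other configured type never matches, so the request is rejected.
    const candidates = Array.isArray(configured) ? configured : [configured];

    // Every candidate is visited (no early exit) and each comparison is
    // constant-time, so neither the matching position in the list nor the
    // length of a matching prefix shows up in the response time.
    let accepted = false;
    candidates.forEach((candidate) => {
        if (isSameApikey(candidate, apikeyFromRequest)) {
            accepted = true;
        }
    });

    if (accepted) {
        next();
        return;
    }

    // NOTE(review): the rejected key is written to the log in clear text, and
    // req.url presumably contains the same value since it is a route
    // parameter. A mistyped valid key would therefore end up in the logs;
    // consider masking both fields and restricting access to these logs.
    logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, {
        xid,
        remoteIp: req.ip,
        url: req.url,
        apikeyFromRequest,
    });

    sendInvalidApikeyResponse(xid, res);
};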