apikey-checker.js
// Tag placed at the start of every log message this module emits.
const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER';
const crypto = require('crypto');

const config = require('komodo-sdk/config');
const logger = require('tektrans-logger');
// Switch for verbose tracing of the API key check. The DEBUG_CALLBACK_APIKEY
// environment variable wins; otherwise config.partner.callback.debug_apikey is
// used when those config sections exist.
// While this is truthy the middleware in this file writes the API key of each
// request to the verbose log, so that log needs the same protection as the
// key itself.
const DEBUG_CALLBACK_APIKEY = process.env.DEBUG_CALLBACK_APIKEY
  ? process.env.DEBUG_CALLBACK_APIKEY
  : (config.partner && config.partner.callback && config.partner.callback.debug_apikey);
/**
 * Reply to a rejected request with HTTP 403 and a JSON error body.
 *
 * The body deliberately says nothing about why the key was rejected.
 *
 * @param {*} xid - transaction id echoed back in the body.
 * @param {object} res - response object offering `status()` and `json()`.
 * @returns {void}
 */
const sendInvalidApikeyResponse = (xid, res) => {
  const forbidden = res.status(403);
  const body = {
    status: 'NOT-OK',
    error: 'Invalid APIKEY',
    ts: new Date(),
    xid,
  };

  forbidden.json(body);
};
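// Load-time warning for a missing callback API key. The middleware exported by
// this module passes every request through when no key is configured, so this
// warning is the only signal that the callback endpoint is unauthenticated.
// The partner and callback sections are tested first: the rest of this file
// treats them as optional, and dereferencing them unguarded would throw a
// TypeError while the module loads instead of logging the warning.
if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) {
  logger.warn(`${MODULE_NAME} 56420201: Missing config.partner.callback.apikey. Please consider to set it for security reason`);
}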
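/**
 * Express-style middleware that authorises a partner callback by the API key
 * taken from the `apikey` route parameter.
 *
 * `config.partner.callback.apikey` may be one string or an array of accepted
 * strings. A request whose key matches is passed to `next()`; any other
 * request is logged and answered with HTTP 403.
 *
 * Keys are compared through SHA-256 digests with `crypto.timingSafeEqual`, so
 * the time taken does not depend on how many leading characters of a guess
 * are correct. A request without a string key never matches.
 *
 * @param {object} req - request; reads `req.params.apikey`, `req.ip`, `req.url`.
 * @param {object} res - response; reads `res.locals.xid`, used for the 403 reply.
 * @param {Function} next - called without arguments when the request is accepted.
 * @returns {void}
 */
module.exports = (req, res, next) => {
  const { xid } = res.locals;
  const apikeyFromRequest = req.params.apikey;

  const callbackConfig = config.partner && config.partner.callback;
  const configuredApikey = callbackConfig && callbackConfig.apikey;

  // NOTE(review): this branch fails open. With no key configured every request
  // is accepted, and the skip is only logged when the debug switch is on.
  if (!configuredApikey) {
    if (DEBUG_CALLBACK_APIKEY) {
      logger.verbose(`${MODULE_NAME} 8BE57EB4: Skip APIKEY checker on no config`, {
        xid,
      });
    }

    next();
    return;
  }

  // The debug messages below include the submitted key by design of the debug
  // switch; on a match that value is a valid credential.
  if (DEBUG_CALLBACK_APIKEY) {
    logger.verbose(`${MODULE_NAME} 1A634029: Checking for apikey validity`, {
      xid,
      apikeyFromRequest,
    });
  }

  // Hashing first gives both sides the same length, which timingSafeEqual
  // requires, without revealing the length of the configured key.
  const sha256 = (value) => crypto.createHash('sha256').update(value).digest();
  const requestDigest = typeof apikeyFromRequest === 'string'
    ? sha256(apikeyFromRequest)
    : null;
  const isSameKey = (candidate) => (
    requestDigest !== null
    && typeof candidate === 'string'
    && crypto.timingSafeEqual(sha256(candidate), requestDigest)
  );

  if (Array.isArray(configuredApikey)) {
    // Every entry is checked, with no early exit, so the position of a
    // matching key in the list does not change the work done.
    let matched = false;
    configuredApikey.forEach((candidate) => {
      if (isSameKey(candidate)) {
        matched = true;
      }
    });

    if (matched) {
      if (DEBUG_CALLBACK_APIKEY) {
        logger.verbose(`${MODULE_NAME} 4BC7B45D: Apikey match with one of array element`, {
          xid,
          apikeyFromRequest,
        });
      }

      next();
      return;
    }
  }

  if (typeof configuredApikey === 'string' && isSameKey(configuredApikey)) {
    if (DEBUG_CALLBACK_APIKEY) {
      logger.verbose(`${MODULE_NAME} FC80DC85: Apikey match with string config`, {
        xid,
        apikeyFromRequest,
      });
    }

    next();
    return;
  }

  // NOTE(review): the rejected key is logged in full, and because the key is a
  // route parameter it is normally part of `req.url` as well. A mistyped valid
  // key lands in the log almost intact; consider logging a truncated value or
  // a digest, and restrict access to this log.
  logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, {
    xid,
    remoteIp: req.ip,
    url: req.url,
    apikeyFromRequest,
  });

  sendInvalidApikeyResponse(xid, res);
};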