Komodo / komodo-gw-komodo-httpgex

apikey-checker.js 1.17 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 
const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER';

const config = require('komodo-sdk/config');
const logger = require('komodo-sdk/logger');

const sendInvalidApikeyResponse = (xid, res) => {
    res.status(403).json({
        status: 'NOT-OK',
        error: 'Invalid APIKEY',
        ts: new Date(),
        xid,
    });
};

module.exports = (req, res, next) => {
    if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) {
        next();
        return;
    }

    const { xid } = res.locals;
    const apikeyFromRequest = req.params.apikey;

    if (
        typeof config.partner.callback.apikey === 'object'
        && Array.isArray(config.partner.callback.apikey)
        && config.partner.callback.apikey.indexOf(apikeyFromRequest) >= 0
    ) {
        next();
        return;
    }

    if (
        typeof config.partner.callback.apikey === 'string'
        && config.partner.callback.apikey === apikeyFromRequest
    ) {
        next();
        return;
    }

    logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, {
        xid,
        remoteIp: req.ip,
        url: req.url,
        apikeyFromRequest,
    });

    sendInvalidApikeyResponse(xid, res);
};