Commit 3b5cc7711a06367e3cdd3163fb12550305742c01
1 parent
0b9310bbaf
Exists in
master
Warn on no callback apikey
Showing 1 changed file with 4 additions and 0 deletions Inline Diff
lib/callback/apikey-checker.js
| 1 | const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER'; | 1 | const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER'; |
| 2 | 2 | ||
| 3 | const config = require('komodo-sdk/config'); | 3 | const config = require('komodo-sdk/config'); |
| 4 | const logger = require('tektrans-logger'); | 4 | const logger = require('tektrans-logger'); |
| 5 | 5 | ||
| 6 | const sendInvalidApikeyResponse = (xid, res) => { | 6 | const sendInvalidApikeyResponse = (xid, res) => { |
| 7 | res.status(403).json({ | 7 | res.status(403).json({ |
| 8 | status: 'NOT-OK', | 8 | status: 'NOT-OK', |
| 9 | error: 'Invalid APIKEY', | 9 | error: 'Invalid APIKEY', |
| 10 | ts: new Date(), | 10 | ts: new Date(), |
| 11 | xid, | 11 | xid, |
| 12 | }); | 12 | }); |
| 13 | }; | 13 | }; |
| 14 | 14 | ||
| 15 | if (!config.partner.callback.apikey) { | ||
| 16 | logger.warn(`${MODULE_NAME} 56420201: Missing config.partner.callback.apikey. Please consider to set it for security reason`); | ||
| 17 | } | ||
| 18 | |||
| 15 | module.exports = (req, res, next) => { | 19 | module.exports = (req, res, next) => { |
| 16 | if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) { | 20 | if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) { |
| 17 | next(); | 21 | next(); |
| 18 | return; | 22 | return; |
| 19 | } | 23 | } |
| 20 | 24 | ||
| 21 | const { xid } = res.locals; | 25 | const { xid } = res.locals; |
| 22 | const apikeyFromRequest = req.params.apikey; | 26 | const apikeyFromRequest = req.params.apikey; |
| 23 | 27 | ||
| 24 | if ( | 28 | if ( |
| 25 | typeof config.partner.callback.apikey === 'object' | 29 | typeof config.partner.callback.apikey === 'object' |
| 26 | && Array.isArray(config.partner.callback.apikey) | 30 | && Array.isArray(config.partner.callback.apikey) |
| 27 | && config.partner.callback.apikey.indexOf(apikeyFromRequest) >= 0 | 31 | && config.partner.callback.apikey.indexOf(apikeyFromRequest) >= 0 |
| 28 | ) { | 32 | ) { |
| 29 | next(); | 33 | next(); |
| 30 | return; | 34 | return; |
| 31 | } | 35 | } |
| 32 | 36 | ||
| 33 | if ( | 37 | if ( |
| 34 | typeof config.partner.callback.apikey === 'string' | 38 | typeof config.partner.callback.apikey === 'string' |
| 35 | && config.partner.callback.apikey === apikeyFromRequest | 39 | && config.partner.callback.apikey === apikeyFromRequest |
| 36 | ) { | 40 | ) { |
| 37 | next(); | 41 | next(); |
| 38 | return; | 42 | return; |
| 39 | } | 43 | } |
| 40 | 44 | ||
| 41 | logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, { | 45 | logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, { |
| 42 | xid, | 46 | xid, |
| 43 | remoteIp: req.ip, | 47 | remoteIp: req.ip, |
| 44 | url: req.url, | 48 | url: req.url, |
| 45 | apikeyFromRequest, | 49 | apikeyFromRequest, |
| 46 | }); | 50 | }); |
| 47 | 51 | ||
| 48 | sendInvalidApikeyResponse(xid, res); | 52 | sendInvalidApikeyResponse(xid, res); |
| 49 | }; | 53 | }; |
| 50 | 54 |