const MODULE_NAME = 'CALLBACK.APIKEY-CHECKER'; const config = require('komodo-sdk/config'); const logger = require('tektrans-logger'); const DEBUG_CALLBACK_APIKEY = process.env.DEBUG_CALLBACK_APIKEY || (config.partner && config.partner.callback && config.partner.callback.debug_apikey); const sendInvalidApikeyResponse = (xid, res) => { res.status(403).json({ status: 'NOT-OK', error: 'Invalid APIKEY', ts: new Date(), xid, }); }; if (!config.partner.callback.apikey) { logger.warn(`${MODULE_NAME} 56420201: Missing config.partner.callback.apikey. Please consider to set it for security reason`); } module.exports = (req, res, next) => { const { xid } = res.locals; const apikeyFromRequest = req.params.apikey; if (!config.partner || !config.partner.callback || !config.partner.callback.apikey) { if (DEBUG_CALLBACK_APIKEY) { logger.verbose(`${MODULE_NAME} 8BE57EB4: Skip APIKEY checker on no config`, { xid, }); } next(); return; } if (DEBUG_CALLBACK_APIKEY) { logger.verbose(`${MODULE_NAME} 1A634029: Checking for apikey validity`, { xid, apikeyFromRequest, }); } if ( typeof config.partner.callback.apikey === 'object' && Array.isArray(config.partner.callback.apikey) && config.partner.callback.apikey.indexOf(apikeyFromRequest) >= 0 ) { if (DEBUG_CALLBACK_APIKEY) { logger.verbose(`${MODULE_NAME} 4BC7B45D: Apikey match with one of array element`, { xid, apikeyFromRequest, }); } next(); return; } if ( typeof config.partner.callback.apikey === 'string' && config.partner.callback.apikey === apikeyFromRequest ) { if (DEBUG_CALLBACK_APIKEY) { logger.verbose(`${MODULE_NAME} FC80DC85: Apikey match with string config`, { xid, apikeyFromRequest, }); } next(); return; } logger.warn(`${MODULE_NAME} A4D719C2: Invalid apikey`, { xid, remoteIp: req.ip, url: req.url, apikeyFromRequest, }); sendInvalidApikeyResponse(xid, res); };