Finalizes option to secure backend http endpoints with a token

- Also fixes to build commands in makefile
2025-08-12 10:48:41 +00:00 · 2024-05-10 18:11:23 -04:00
parent e6c2042df6
commit 4e20c4ac56
7 changed files with 24 additions and 17 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -14,9 +14,15 @@ const server = http.createServer(app);

 const corsOptions = {
  origin: '*',
+  allowedHeaders: ['Authorization', 'Content-Type'],
 };

 app.use(cors(corsOptions));
+
+if (getAccessKey()) {
+  app.all('*', requireAccessKey);
+};
+
 app.use(express.json());

 app.use('/api', routes);
@ -24,10 +30,6 @@ app.get('/api', (_, res) => {
  res.status(200).json({ status: 'ok' });
 });

-if (getAccessKey()) {
-  app.all('*', requireAccessKey);
-};
-
 server.listen(port, () => {
  logger.info(`Server is running on port ${port}`);
 });
--- a/src/auth.ts
+++ b/src/auth.ts
@ -1,8 +1,8 @@
 import {
  getAccessKey,
-} from '../config';
+} from './config';

-const requireAccessKey = (req, res, next) => {
+export const requireAccessKey = (req, res, next) => {
    const authHeader = req.headers.authorization;

    if (authHeader) {
@ -11,6 +11,7 @@ const requireAccessKey = (req, res, next) => {
        if (token !== getAccessKey()) {
            return res.sendStatus(403);
        }
+
        next();
    } else {
        res.sendStatus(401);