enstrayed/enstrayedapi
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

move authorization code into new file

Browse Source
This commit is contained in:
Enstrayed
2024-06-12 20:21:14 -07:00
parent c615d9c3f9
commit e5ab498161
2 changed files with 84 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
liberals/authorization.js Normal file
View File

@@ -0,0 +1,38 @@
const { globalConfig } = require("../index.js")
async function checkAuthorization(documentToUse,keyToCheck) {
return await fetch(`http://${globalConfig.couchdb.host}/apiauthkeys/${documentToUse}`, {
headers: {
"Authorization": `Basic ${btoa(globalConfig.couchdb.authorization)}`
}
}).then(fetchRes => {
if (fetchRes.status === 404) { // If document doesnt exist fail gracefully
console.log("ERROR: Failed to check authorization: Requested document returned 404")
return false
} else if (fetchRes.status === 401) { // If couchdb is reporting unauthorized fail gracefully
console.log("ERROR: Failed to check authorization: Database authorization is incorrect")
return false
} else {
return fetchRes.json().then(dbRes => { // Get response json and check it
if (dbRes["content"][keyToCheck.split("_")[0]] === keyToCheck.split("_")[1]) {
return true
} else {
return false
}
})
}
}).catch(error => {
console.log("ERROR: Failed to check authorization: " + error)
return false
})
}
module.exports = {checkAuthorization}

28
routes/mailjet.js
View File

@@ -1,22 +1,19 @@
const { app, db, globalConfig } = require("../index.js") // Get globals from index const { app, globalConfig } = require("../index.js") // Get globals from index
const { checkAuthorization } = require("../liberals/authorization.js")
app.post("/sendemail", (rreq,rres) => { app.post("/sendemail", (rreq,rres) => {
fetch(`http://${globalConfig.couchdb.host}/apiauthkeys/${globalConfig.mailjet.authKeysDoc}`, { checkAuthorization(globalConfig.mailjet.authKeysDoc,rreq.get("Authorization")).then(authRes => {
headers: { if (authRes === false) { // If the supplied authorization is invalid or an error occured
"Authorization": `Basic ${btoa(globalConfig.couchdb.authorization)}`
}
}).then(dbRes => dbRes.json()).then(dbRes => {
if (dbRes.status == 404) { // If document containing mailjet auth keys does not exist console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 401`) // Log the request
console.log(`ERROR: Could not find apiauthkeys/${globalConfig.mailjet.authKeysDoc}`) rres.sendStatus(401) // Return 401 Unauthorized
rres.sendStatus(500) // Refuse request
} else { } else if (authRes === true) { // If the authorization was valid, continue function
if (dbRes["content"][rreq.get("Authorization").split("_")[0]] === rreq.get("Authorization").split("_")[1]) {
// 2024-05-11: Turbo bodge check to make sure request JSON is valid, probably wont work but whatever // 2024-05-11: Turbo bodge check to make sure request JSON is valid, probably wont work but whatever
if (rreq.body == undefined || rreq.body.recipient == undefined) { if (rreq.body == undefined || rreq.body.recipient == undefined) {
console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 400 KEY:${rreq.get("Authorization").split("_")[1]}`) console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 400 KEY:${rreq.get("Authorization").split("_")[0]}`)
rres.sendStatus(400) rres.sendStatus(400)
} else { } else {
@@ -56,13 +53,6 @@ app.post("/sendemail", (rreq,rres) => {
} }
}) })
} }
} else {
console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 401`) // log ip of unauthorized requests
rres.sendStatus(401) // received auth key was not in database
}
} }
}) })