diff --git a/src/entities/RequestHandler.ts b/src/entities/RequestHandler.ts index f74b592..b79573a 100644 --- a/src/entities/RequestHandler.ts +++ b/src/entities/RequestHandler.ts @@ -1,4 +1,6 @@ import { Response, Request } from "express"; +import { APIHelper } from "../helpers/APIHelper"; +import { APIClient } from "./APIClient"; /** * Response to a request @@ -7,6 +9,9 @@ import { Response, Request } from "express"; */ export class RequestHandler { + + private client : APIClient = null; + public constructor(private req : Request, private response : Response) {} /** @@ -39,7 +44,7 @@ export class RequestHandler { if(param.length < minLength) this.error(400, "Parameter "+name+" is too short!"); - return ""; + return param; } @@ -54,7 +59,25 @@ export class RequestHandler { const apiName = this.getString("serviceName"); const apiToken = this.getString("serviceToken"); - // Validate the token + // Validate the client + const client = await APIHelper.GetClient(apiName, apiToken); + + if(client == null) + this.error(400, "Client not recognized!"); + + if(client.domain) { + + const allowedOrigin = "http://" + client.domain; + + const referer = this.req.get("Referer"); + if(!referer || !referer.startsWith(allowedOrigin)) + this.error(401, "Use of this client is prohibited from this domain!"); + + this.response.set("Access-Control-Allow-Origin", allowedOrigin); + } + + // Save client information for latter access + this.client = client; } /**