mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-11-22 13:29:22 +00:00
Check client token
This commit is contained in:
parent
2c4c914fbc
commit
f87cb17f52
@ -1,4 +1,6 @@
|
|||||||
import { Response, Request } from "express";
|
import { Response, Request } from "express";
|
||||||
|
import { APIHelper } from "../helpers/APIHelper";
|
||||||
|
import { APIClient } from "./APIClient";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Response to a request
|
* Response to a request
|
||||||
@ -7,6 +9,9 @@ import { Response, Request } from "express";
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
export class RequestHandler {
|
export class RequestHandler {
|
||||||
|
|
||||||
|
private client : APIClient = null;
|
||||||
|
|
||||||
public constructor(private req : Request, private response : Response) {}
|
public constructor(private req : Request, private response : Response) {}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -39,7 +44,7 @@ export class RequestHandler {
|
|||||||
if(param.length < minLength)
|
if(param.length < minLength)
|
||||||
this.error(400, "Parameter "+name+" is too short!");
|
this.error(400, "Parameter "+name+" is too short!");
|
||||||
|
|
||||||
return "";
|
return param;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -54,7 +59,25 @@ export class RequestHandler {
|
|||||||
const apiName = this.getString("serviceName");
|
const apiName = this.getString("serviceName");
|
||||||
const apiToken = this.getString("serviceToken");
|
const apiToken = this.getString("serviceToken");
|
||||||
|
|
||||||
// Validate the token
|
// Validate the client
|
||||||
|
const client = await APIHelper.GetClient(apiName, apiToken);
|
||||||
|
|
||||||
|
if(client == null)
|
||||||
|
this.error(400, "Client not recognized!");
|
||||||
|
|
||||||
|
if(client.domain) {
|
||||||
|
|
||||||
|
const allowedOrigin = "http://" + client.domain;
|
||||||
|
|
||||||
|
const referer = this.req.get("Referer");
|
||||||
|
if(!referer || !referer.startsWith(allowedOrigin))
|
||||||
|
this.error(401, "Use of this client is prohibited from this domain!");
|
||||||
|
|
||||||
|
this.response.set("Access-Control-Allow-Origin", allowedOrigin);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Save client information for latter access
|
||||||
|
this.client = client;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user