feature/IO-3258-Shop-User-Vendor-Creation: Finish
This commit is contained in:
23
server/middleware/partsManagementIntegrationMiddleware.js
Normal file
23
server/middleware/partsManagementIntegrationMiddleware.js
Normal file
@@ -0,0 +1,23 @@
|
||||
/**
|
||||
* Middleware to check if the request is authorized for Parts Management Integration.
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
* @returns {*}
|
||||
*/
|
||||
const partsManagementIntegrationMiddleware = (req, res, next) => {
|
||||
const secret = process.env.PARTS_MANAGEMENT_INTEGRATION_SECRET;
|
||||
if (typeof secret !== "string" || secret.length === 0) {
|
||||
return res.status(500).send("Server misconfiguration");
|
||||
}
|
||||
|
||||
const headerValue = req.headers["parts-management-integration-secret"];
|
||||
if (typeof headerValue !== "string" || headerValue.trim() !== secret) {
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
|
||||
req.isPartsManagementIntegrationAuthorized = true;
|
||||
next();
|
||||
};
|
||||
|
||||
module.exports = partsManagementIntegrationMiddleware;
|
||||
@@ -1,16 +1,19 @@
|
||||
/**
|
||||
* VSSTA Integration Middleware
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
* @returns {*}
|
||||
* Fails closed if the env var is missing or empty, and strictly compares header.
|
||||
*/
|
||||
const vsstaIntegrationMiddleware = (req, res, next) => {
|
||||
if (req?.headers?.["vssta-integration-secret"] !== process.env?.VSSTA_INTEGRATION_SECRET) {
|
||||
const secret = process.env.VSSTA_INTEGRATION_SECRET;
|
||||
if (typeof secret !== "string" || secret.length === 0) {
|
||||
return res.status(500).send("Server misconfiguration");
|
||||
}
|
||||
|
||||
const headerValue = req.headers["vssta-integration-secret"];
|
||||
if (typeof headerValue !== "string" || headerValue.trim() !== secret) {
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
|
||||
req.isIntegrationAuthorized = true;
|
||||
req.isVsstaIntegrationAuthorized = true;
|
||||
next();
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user