Merge pull request #166 from Z-Jais/master

Add authentication check to all POST requests

src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt

@@ -28,7 +28,12 @@ open class AbstractController<T : Serializable>(open val prefix: String) {
     fun decode(watchlist: String): FilterData =
         Constant.gson.fromJson(Decoder.fromGzip(watchlist), FilterData::class.java)
 
-    fun PipelineContext<Unit, ApplicationCall>.getPageAndLimit(): Pair<Int, Int> {
+    suspend fun printError(call: ApplicationCall, e: Exception) {
+        e.printStackTrace()
+        call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
+    }
+
+    protected fun PipelineContext<Unit, ApplicationCall>.getPageAndLimit(): Pair<Int, Int> {
         val page = call.parameters["page"]!!.toIntOrNull() ?: throw IllegalArgumentException("Page is not valid")
         val limit = call.parameters["limit"]!!.toIntOrNull() ?: throw IllegalArgumentException("Limit is not valid")
 
@@ -38,8 +43,17 @@ open class AbstractController<T : Serializable>(open val prefix: String) {
         return Pair(page, limit)
     }
 
-    suspend fun printError(call: ApplicationCall, e: Exception) {
-        e.printStackTrace()
-        call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
+    protected suspend fun PipelineContext<Unit, ApplicationCall>.isUnauthorized(): Boolean {
+        if (!Constant.secureKey.isNullOrBlank()) {
+            val authorization = call.request.headers[HttpHeaders.Authorization]
+
+            if (Constant.secureKey != authorization) {
+                println("Unauthorized request")
+                call.respond(HttpStatusCode.Unauthorized, "Secure key not equals")
+                return true
+            }
+        }
+
+        return false
     }
 }

src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt

@@ -93,6 +93,7 @@ class AnimeController : AttachmentController<Anime>("/animes") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val anime = call.receive<Anime>()
@@ -146,6 +147,8 @@ class AnimeController : AttachmentController<Anime>("/animes") {
     @APIRoute
     private fun Route.merge() {
         put("/merge") {
+            if (isUnauthorized()) return@put
+
             // Get list of uuids
             val uuids = call.receive<List<String>>().map { UUID.fromString(it) }
             println("PUT $prefix/merge")

src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt

@@ -15,6 +15,7 @@ class AyaneController : AbstractController<Ayane>("/ayane") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val ayane = call.receive<Ayane>()

src/main/kotlin/fr/ziedelth/controllers/CountryController.kt

@@ -31,6 +31,7 @@ class CountryController : AbstractController<Country>("/countries") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val country = call.receive<Country>()

src/main/kotlin/fr/ziedelth/controllers/EpisodeController.kt

@@ -149,6 +149,7 @@ class EpisodeController : AttachmentController<Episode>("/episodes") {
     private fun Route.saveMultiple() {
         post("/multiple") {
             println("POST $prefix/multiple")
+            if (isUnauthorized()) return@post
 
             try {
                 val episodes = call.receive<List<Episode>>().filter { !episodeRepository.exists("hash", it.hash!!) }

src/main/kotlin/fr/ziedelth/controllers/EpisodeTypeController.kt

@@ -31,6 +31,7 @@ class EpisodeTypeController : AbstractController<EpisodeType>("/episodetypes") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val episodeType = call.receive<EpisodeType>()

src/main/kotlin/fr/ziedelth/controllers/GenreController.kt

@@ -27,6 +27,7 @@ class GenreController : AbstractController<Genre>("/genres") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val genre = call.receive<Genre>()

src/main/kotlin/fr/ziedelth/controllers/LangTypeController.kt

@@ -31,6 +31,7 @@ class LangTypeController : AbstractController<LangType>("/langtypes") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val langType = call.receive<LangType>()

src/main/kotlin/fr/ziedelth/controllers/PlatformController.kt

@@ -28,6 +28,7 @@ class PlatformController : AttachmentController<Platform>("/platforms") {
     private fun Route.save() {
         post {
             println("POST $prefix")
+            if (isUnauthorized()) return@post
 
             try {
                 val platform = call.receive<Platform>()

src/main/kotlin/fr/ziedelth/utils/Constant.kt

@@ -7,4 +7,6 @@ object Constant {
 
     // Sort by year and season started by "Winter", "Spring", "Summer", "Autumn"
     val seasons = listOf("WINTER", "SPRING", "SUMMER", "AUTUMN")
+
+    val secureKey: String? = System.getenv("SECURE_KEY")
 }