From f756a36ffbc01311d79d85543a8952c6c0308684 Mon Sep 17 00:00:00 2001
From: Ziedelth
Date: Thu, 28 Sep 2023 16:52:57 +0200
Subject: [PATCH] Add authentication check to all POST requests
---
 .../controllers/AbstractController.kt | 22 +++++++++++++++----
 .../ziedelth/controllers/AnimeController.kt | 3 +++
 .../ziedelth/controllers/AyaneController.kt | 1 +
 .../ziedelth/controllers/CountryController.kt | 1 +
 .../ziedelth/controllers/EpisodeController.kt | 1 +
 .../controllers/EpisodeTypeController.kt | 1 +
 .../ziedelth/controllers/GenreController.kt | 1 +
 .../controllers/LangTypeController.kt | 1 +
 .../controllers/PlatformController.kt | 1 +
 src/main/kotlin/fr/ziedelth/utils/Constant.kt | 2 ++
 10 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt b/src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt
index adc2807..a5acfa5 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt
@@ -28,7 +28,12 @@ open class AbstractController(open val prefix: String) {
 fun decode(watchlist: String): FilterData = Constant.gson.fromJson(Decoder.fromGzip(watchlist), FilterData::class.java)
- fun PipelineContext.getPageAndLimit(): Pair {
+ suspend fun printError(call: ApplicationCall, e: Exception) {
+ e.printStackTrace()
+ call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
+ }
+
+ protected fun PipelineContext.getPageAndLimit(): Pair {
 val page = call.parameters["page"]!!.toIntOrNull() ?: throw IllegalArgumentException("Page is not valid")
 val limit = call.parameters["limit"]!!.toIntOrNull() ?: throw IllegalArgumentException("Limit is not valid")
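Review bot: The relocated `printError` (new-side lines of this hunk, even though it is a move rather than new logic) sends `e.message` back to the client inside the 500 response, which can echo internal detail such as persistence-layer or deserialization error text to anyone who can trigger an exception; keep the detail in the server log and return a fixed body, `call.respond(HttpStatusCode.InternalServerError, UNKNOWN_MESSAGE_ERROR)`. A secondary point of style: this hunk makes `getPageAndLimit` `protected` but leaves `printError` public; if it is only called from subclasses, `protected suspend fun printError(...)` matches the new convention. The body of `getPageAndLimit` continues past the end of the hunk, and the receiver/return type arguments (`PipelineContext<…>`, `Pair<…>`) appear stripped in this rendering.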
@@ -38,8 +43,17 @@ open class AbstractController(open val prefix: String) {
 return Pair(page, limit)
 }
- suspend fun printError(call: ApplicationCall, e: Exception) {
- e.printStackTrace()
- call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
+ protected suspend fun PipelineContext.isUnauthorized(): Boolean {
+ if (!Constant.secureKey.isNullOrBlank()) {
+ val authorization = call.request.headers[HttpHeaders.Authorization]
+
+ if (Constant.secureKey != authorization) {
+ println("Unauthorized request")
+ call.respond(HttpStatusCode.Unauthorized, "Secure key not equals")
+ return true
+ }
+ }
+
+ return false
 }
 }
diff --git a/src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt b/src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt
index 398a1ac..be253ae 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt
@@ -93,6 +93,7 @@ class AnimeController : AttachmentController("/animes") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val anime = call.receive()
@@ -146,6 +147,8 @@ class AnimeController : AttachmentController("/animes") {
 @APIRoute
 private fun Route.merge() {
 put("/merge") {
+ if (isUnauthorized()) return@put
+
 // Get list of uuids
 val uuids = call.receive>().map { UUID.fromString(it) }
 println("PUT $prefix/merge")
diff --git a/src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt b/src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt
index 5857c7c..4f31d30 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt
@@ -15,6 +15,7 @@ class AyaneController : AbstractController("/ayane") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val ayane = call.receive()
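Review bot: `isUnauthorized` fails open: the whole check is wrapped in `if (!Constant.secureKey.isNullOrBlank())`, so a deployment where `SECURE_KEY` is unset or empty accepts every mutating request without any signal, which is the opposite of what a missing credential should do; the guard should reject when no key is configured (or the process should refuse to start). The comparison `Constant.secureKey != authorization` is also an ordinary string equality, which returns as soon as the first differing character is found and so leaks how many leading bytes of the secret matched through response timing; compare the UTF-8 bytes with `java.security.MessageDigest.isEqual` instead. The rewrite below (signature shown as it appears in this rendering, whose type arguments look stripped) does both, and includes the route prefix in the log line so an operator can tell which endpoint was hit; the `Authorization` header is compared verbatim, as the current code does.
```kotlin
protected suspend fun PipelineContext.isUnauthorized(): Boolean {
    val expected = Constant.secureKey
    // Fail closed: a missing key must not silently disable the check.
    if (expected.isNullOrBlank()) {
        println("SECURE_KEY is not configured; rejecting request to $prefix")
        call.respond(HttpStatusCode.Unauthorized, "Secure key not configured")
        return true
    }
    val provided = call.request.headers[HttpHeaders.Authorization]
    // Constant-time comparison so the key cannot be recovered byte-by-byte via timing.
    val matches = provided != null && MessageDigest.isEqual(
        expected.toByteArray(Charsets.UTF_8),
        provided.toByteArray(Charsets.UTF_8),
    )
    if (!matches) {
        println("Unauthorized request to $prefix")
        call.respond(HttpStatusCode.Unauthorized, "Secure key not equals")
        return true
    }
    return false
}
```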
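Review bot: The guard in `save()` is a per-handler opt-in (`if (isUnauthorized()) return@post` after the `println`), so any mutating route this commit did not touch — a DELETE handler, if one exists in these controllers, or any handler added later — stays unauthenticated by default, and nothing in the code would flag the omission. Enforcing the check once at the route level, e.g. grouping the write routes under a `route { }` that calls `intercept(ApplicationCallPipeline.Plugins) { if (isUnauthorized()) finish() }` or that installs Ktor's Authentication plugin, removes the seven copies and makes the default secure. The body of `save()` continues past the end of the hunk.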
diff --git a/src/main/kotlin/fr/ziedelth/controllers/CountryController.kt b/src/main/kotlin/fr/ziedelth/controllers/CountryController.kt
index dc7ee02..02af8c5 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/CountryController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/CountryController.kt
@@ -31,6 +31,7 @@ class CountryController : AbstractController("/countries") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val country = call.receive()
diff --git a/src/main/kotlin/fr/ziedelth/controllers/EpisodeController.kt b/src/main/kotlin/fr/ziedelth/controllers/EpisodeController.kt
index 92fb644..2aa932a 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/EpisodeController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/EpisodeController.kt
@@ -149,6 +149,7 @@ class EpisodeController : AttachmentController("/episodes") {
 private fun Route.saveMultiple() {
 post("/multiple") {
 println("POST $prefix/multiple")
+ if (isUnauthorized()) return@post
 try {
 val episodes = call.receive>().filter { !episodeRepository.exists("hash", it.hash!!) }
diff --git a/src/main/kotlin/fr/ziedelth/controllers/EpisodeTypeController.kt b/src/main/kotlin/fr/ziedelth/controllers/EpisodeTypeController.kt
index 41e8cfe..c2671e3 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/EpisodeTypeController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/EpisodeTypeController.kt
@@ -31,6 +31,7 @@ class EpisodeTypeController : AbstractController("/episodetypes") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val episodeType = call.receive()
diff --git a/src/main/kotlin/fr/ziedelth/controllers/GenreController.kt b/src/main/kotlin/fr/ziedelth/controllers/GenreController.kt
index 3751ac1..1eac0b9 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/GenreController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/GenreController.kt
@@ -27,6 +27,7 @@ class GenreController : AbstractController("/genres") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val genre = call.receive()
diff --git a/src/main/kotlin/fr/ziedelth/controllers/LangTypeController.kt b/src/main/kotlin/fr/ziedelth/controllers/LangTypeController.kt
index c299fb1..8fb1370 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/LangTypeController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/LangTypeController.kt
@@ -31,6 +31,7 @@ class LangTypeController : AbstractController("/langtypes") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val langType = call.receive()
diff --git a/src/main/kotlin/fr/ziedelth/controllers/PlatformController.kt b/src/main/kotlin/fr/ziedelth/controllers/PlatformController.kt
index 89cc0c9..beb2d42 100644
--- a/src/main/kotlin/fr/ziedelth/controllers/PlatformController.kt
+++ b/src/main/kotlin/fr/ziedelth/controllers/PlatformController.kt
@@ -28,6 +28,7 @@ class PlatformController : AttachmentController("/platforms") {
 private fun Route.save() {
 post {
 println("POST $prefix")
+ if (isUnauthorized()) return@post
 try {
 val platform = call.receive()
diff --git a/src/main/kotlin/fr/ziedelth/utils/Constant.kt b/src/main/kotlin/fr/ziedelth/utils/Constant.kt
index 20d7300..c7a21ff 100644
--- a/src/main/kotlin/fr/ziedelth/utils/Constant.kt
+++ b/src/main/kotlin/fr/ziedelth/utils/Constant.kt
@@ -7,4 +7,6 @@ object Constant {
 // Sort by year and season started by "Winter", "Spring", "Summer", "Autumn"
 val seasons = listOf("WINTER", "SPRING", "SUMMER", "AUTUMN")
+
+ val secureKey: String? = System.getenv("SECURE_KEY")
 }
\ No newline at end of file
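Review bot: `secureKey` is read from `SECURE_KEY` once at object initialisation with no validation and no documentation, and because the consumer of this value treats null or blank as "skip the check", a forgotten environment variable in production silently leaves every write endpoint open with nothing in the startup output to show it. At minimum document the contract and make the absence visible, e.g. `/** Shared secret expected verbatim in the Authorization header of mutating requests; null when SECURE_KEY is unset. */` above the property and an `init { if (secureKey.isNullOrBlank()) System.err.println("SECURE_KEY is not set: write endpoints are unauthenticated") }` in the object; the stricter option is `val secureKey: String = checkNotNull(System.getenv("SECURE_KEY")) { "SECURE_KEY must be set" }` so the service refuses to start without it. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker shows.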