This repository has been archived by the owner on Mar 28, 2024. It is now read-only.

Add authentication check to all POST requests #166

Merged
merged 1 commit into from
Sep 28, 2023
22 changes: 18 additions & 4 deletions src/main/kotlin/fr/ziedelth/controllers/AbstractController.kt
Expand Up @@ -28,7 +28,12 @@ open class AbstractController<T : Serializable>(open val prefix: String) {
fun decode(watchlist: String): FilterData =
Constant.gson.fromJson(Decoder.fromGzip(watchlist), FilterData::class.java)

fun PipelineContext<Unit, ApplicationCall>.getPageAndLimit(): Pair<Int, Int> {
suspend fun printError(call: ApplicationCall, e: Exception) {
e.printStackTrace()
call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
}

protected fun PipelineContext<Unit, ApplicationCall>.getPageAndLimit(): Pair<Int, Int> {
val page = call.parameters["page"]!!.toIntOrNull() ?: throw IllegalArgumentException("Page is not valid")
val limit = call.parameters["limit"]!!.toIntOrNull() ?: throw IllegalArgumentException("Limit is not valid")

Expand All @@ -38,8 +43,17 @@ open class AbstractController<T : Serializable>(open val prefix: String) {
return Pair(page, limit)
}

suspend fun printError(call: ApplicationCall, e: Exception) {
e.printStackTrace()
call.respond(HttpStatusCode.InternalServerError, e.message ?: UNKNOWN_MESSAGE_ERROR)
protected suspend fun PipelineContext<Unit, ApplicationCall>.isUnauthorized(): Boolean {
if (!Constant.secureKey.isNullOrBlank()) {
val authorization = call.request.headers[HttpHeaders.Authorization]

if (Constant.secureKey != authorization) {
println("Unauthorized request")
call.respond(HttpStatusCode.Unauthorized, "Secure key not equals")
return true
}
}

return false
}
}
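Review bot: `isUnauthorized()` fails open: when `SECURE_KEY` is unset or blank, the outer `if (!Constant.secureKey.isNullOrBlank())` is skipped and every write request is treated as authorized, so a deployment that loses the variable silently runs without authentication. The guard should reject by default and, if an open mode is wanted for local development, make that an explicit opt-in. The comparison `Constant.secureKey != authorization` is also an ordinary string inequality on a secret; `java.security.MessageDigest.isEqual` over the two byte arrays avoids leaking through response timing how much of the key matched. A rewrite of the function body is below; the moved `printError` still returns `e.message` to the client, which is worth revisiting separately.

```kotlin
protected suspend fun PipelineContext<Unit, ApplicationCall>.isUnauthorized(): Boolean {
    val expected = Constant.secureKey?.takeUnless { it.isBlank() }
    val provided = call.request.headers[HttpHeaders.Authorization]

    // Fail closed when no key is configured; compare in constant time.
    val authorized = expected != null && provided != null &&
        MessageDigest.isEqual(expected.toByteArray(), provided.toByteArray())

    if (!authorized) {
        println("Unauthorized request")
        call.respond(HttpStatusCode.Unauthorized, "Secure key not equals")
        return true
    }

    return false
}
```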
3 changes: 3 additions & 0 deletions src/main/kotlin/fr/ziedelth/controllers/AnimeController.kt
Expand Up @@ -93,6 +93,7 @@ class AnimeController : AttachmentController<Anime>("/animes") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val anime = call.receive<Anime>()
Expand Down Expand Up @@ -146,6 +147,8 @@ class AnimeController : AttachmentController<Anime>("/animes") {
@APIRoute
private fun Route.merge() {
put("/merge") {
if (isUnauthorized()) return@put

// Get list of uuids
val uuids = call.receive<List<String>>().map { UUID.fromString(it) }
println("PUT $prefix/merge")
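Review bot: The guard is opt-in per handler: `if (isUnauthorized()) return@post` in `save()` and `return@put` in `merge()` are pasted by hand here and in the Ayane, Country, Episode, EpisodeType, Genre, LangType and Platform controllers, so any route added later without that line is unauthenticated and nothing fails to tell you. Registering the check once — an interceptor on the mutating routes, or Ktor's `Authentication` plugin with the write routes wrapped in `authenticate { }` — makes protection the default instead of something each handler must remember. The two hunks also disagree on order: `save()` logs `POST $prefix` before the check while `merge()` checks first; checking first everywhere, and logging rejected requests only inside `isUnauthorized()`, keeps the logs consistent. Both handler bodies continue outside the hunks.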
1 change: 1 addition & 0 deletions src/main/kotlin/fr/ziedelth/controllers/AyaneController.kt
Expand Up @@ -15,6 +15,7 @@ class AyaneController : AbstractController<Ayane>("/ayane") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val ayane = call.receive<Ayane>()
Expand Up @@ -31,6 +31,7 @@ class CountryController : AbstractController<Country>("/countries") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val country = call.receive<Country>()
Expand Up @@ -149,6 +149,7 @@ class EpisodeController : AttachmentController<Episode>("/episodes") {
private fun Route.saveMultiple() {
post("/multiple") {
println("POST $prefix/multiple")
if (isUnauthorized()) return@post

try {
val episodes = call.receive<List<Episode>>().filter { !episodeRepository.exists("hash", it.hash!!) }
Expand Up @@ -31,6 +31,7 @@ class EpisodeTypeController : AbstractController<EpisodeType>("/episodetypes") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val episodeType = call.receive<EpisodeType>()
1 change: 1 addition & 0 deletions src/main/kotlin/fr/ziedelth/controllers/GenreController.kt
Expand Up @@ -27,6 +27,7 @@ class GenreController : AbstractController<Genre>("/genres") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val genre = call.receive<Genre>()
Expand Up @@ -31,6 +31,7 @@ class LangTypeController : AbstractController<LangType>("/langtypes") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val langType = call.receive<LangType>()
Expand Up @@ -28,6 +28,7 @@ class PlatformController : AttachmentController<Platform>("/platforms") {
private fun Route.save() {
post {
println("POST $prefix")
if (isUnauthorized()) return@post

try {
val platform = call.receive<Platform>()
2 changes: 2 additions & 0 deletions src/main/kotlin/fr/ziedelth/utils/Constant.kt
Expand Up @@ -7,4 +7,6 @@ object Constant {

// Sort by year and season started by "Winter", "Spring", "Summer", "Autumn"
val seasons = listOf("WINTER", "SPRING", "SUMMER", "AUTUMN")

val secureKey: String? = System.getenv("SECURE_KEY")
}
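Review bot: `secureKey` needs a comment, because its nullability is what decides whether the API is authenticated at all and nothing at the declaration says so. Something like `// Shared secret compared with the Authorization header on write routes; when SECURE_KEY is unset or blank the check is skipped.` above the property would make that visible to whoever deploys this. Since the value is a public member of `Constant`, it is also worth stating there that it must never be logged or returned in a response.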