add secret for notify route
parent
2f45005a8a
commit
3998818012
@ -19,3 +19,5 @@ PUSHGATEWAY_PW=doormanmetrics
|
||||
LOKI_URL=https://logs.chromart.cc
|
||||
LOKI_USER=doorman
|
||||
LOKI_PW=doormanlogs
|
||||
|
||||
NOTIFY_SECRET_KEY=discordnotifyme
|
||||
|
||||
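Review bot: The added `NOTIFY_SECRET_KEY=discordnotifyme` line commits the value that gates the notify route into the repository, next to the existing `PUSHGATEWAY_PW` and `LOKI_PW` values, so anyone with read access to the repo can pass the new 401 check if this is the deployed value. If this file is a sample, a placeholder such as `NOTIFY_SECRET_KEY=<set-a-random-value>` would keep it from being copied into a deployment unchanged; the real value should be randomly generated and set only in the deployment environment. The same line is added in the second env hunk (`@ -14,3 +14,5`). If `discordnotifyme` has been deployed anywhere, it should be treated as exposed and rotated.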
@ -13,4 +13,5 @@ export interface DoormanLambdaContext extends EnvironmentVariables {
|
||||
LOKI_URL: string;
|
||||
LOKI_USER: string;
|
||||
LOKI_PW: string;
|
||||
NOTIFY_SECRET_KEY: string;
|
||||
};
|
||||
|
||||
@ -9,7 +9,9 @@ import { Counter, Summary } from "prom-client";
|
||||
export interface NotifyRequest extends ServerlessEventObject {
|
||||
door: string;
|
||||
|
||||
// TODO: change these to be multiple
|
||||
key: string;
|
||||
|
||||
// these are arrays in the request
|
||||
discordUser: string;
|
||||
msg: string;
|
||||
json: string;
|
||||
@ -19,6 +21,18 @@ export const handler: ServerlessFunctionSignature<TwilioContext, NotifyRequest>
|
||||
const response = new Twilio.Response();
|
||||
|
||||
registerMetrics(metricsRegistry);
|
||||
|
||||
|
||||
// secure notify endpoint
|
||||
if (event.key !== context.NOTIFY_SECRET_KEY) {
|
||||
getMetricFromRegistry<Counter>(metricsRegistry, NotifyMetrics.UNAUTHENTICATED_CALL).inc(1);
|
||||
response
|
||||
.setStatusCode(401)
|
||||
.appendHeader('Content-Type', 'application/json')
|
||||
.setBody({ err: "Unauthenticated call", event });
|
||||
|
||||
return callback(null, response);
|
||||
}
|
||||
|
||||
let users: string[];
|
||||
let msgs: string[];
|
||||
@ -27,6 +41,7 @@ export const handler: ServerlessFunctionSignature<TwilioContext, NotifyRequest>
|
||||
|
||||
try {
|
||||
users = JSON.parse(event.discordUser);
|
||||
console.log(users);
|
||||
msgs = JSON.parse(event.msg);
|
||||
console.log("before parsing", event.json);
|
||||
jsons = JSON.parse(event.json);
|
||||
|
||||
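Review bot: The new guard `if (event.key !== context.NOTIFY_SECRET_KEY)` fails open if the variable is missing from the deployed environment: a request with no `key` compares `undefined` to `undefined` and is let through, even though the interface types the field as `string`. I would reject when the secret is unset, `if (!context.NOTIFY_SECRET_KEY || event.key !== context.NOTIFY_SECRET_KEY) {`, and consider a constant-time comparison such as `crypto.timingSafeEqual` on equal-length buffers. The 401 body also echoes the whole `event` back to an unauthenticated caller; `.setBody({ err: "Unauthenticated call" })` is enough. The handler body starts and ends outside these hunks.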
@ -3,7 +3,8 @@ import { Counter, Registry, Summary } from "prom-client";
|
||||
export enum NotifyMetrics {
|
||||
DISCORD_LATENCY = "DiscordLatency",
|
||||
DISCORD_FAILURE = "DiscordFailure",
|
||||
NOTIFY_TIMEOUT = "NotifyTimeout"
|
||||
NOTIFY_TIMEOUT = "NotifyTimeout",
|
||||
UNAUTHENTICATED_CALL = "UnauthenticatedCall"
|
||||
}
|
||||
|
||||
export const registerMetrics = (metricsRegistry: Registry) => {
|
||||
@ -22,4 +23,9 @@ export const registerMetrics = (metricsRegistry: Registry) => {
|
||||
name: NotifyMetrics.NOTIFY_TIMEOUT,
|
||||
help: "Timeout before all notify calls completed",
|
||||
}));
|
||||
|
||||
metricsRegistry.registerMetric(new Counter({
|
||||
name: NotifyMetrics.UNAUTHENTICATED_CALL,
|
||||
help: "Call was made to notify without the secret key specified",
|
||||
}));
|
||||
}
|
||||
|
||||
@ -14,3 +14,5 @@ PUSHGATEWAY_PW=doormanmetrics
|
||||
LOKI_URL=https://logs.chromart.cc
|
||||
LOKI_USER=doorman
|
||||
LOKI_PW=doormanlogs
|
||||
|
||||
NOTIFY_SECRET_KEY=discordnotifyme
|
||||
@ -15,7 +15,7 @@ export async function getConfig(context: TwilioContext, buzzer: string): Promise
|
||||
export async function notifyDiscord(context: TwilioContext, msg: string[], u: string[], optionalJsonStr: string[], metricsRegistry: Registry){
|
||||
const endTimer = (metricsRegistry.getSingleMetric(BuzzerActivatedMetrics.NOTIFY_LATENCY) as Summary).startTimer();
|
||||
const res = await lambdaFastHttp(context.DOORMAN_URL +
|
||||
`/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}`,
|
||||
`/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}&key=${context.NOTIFY_SECRET_KEY}`,
|
||||
).catch(err => console.log(err));
|
||||
endTimer();
|
||||
return res;
|
||||
|
||||
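Review bot: The key is appended as `&key=${context.NOTIFY_SECRET_KEY}` without `encodeURIComponent`, unlike the three parameters before it, so a secret containing `&`, `+`, `#` or `%` would reach the notify route altered and every call would be answered with the 401. `&key=${encodeURIComponent(context.NOTIFY_SECRET_KEY)}` fixes that. Sending the secret in the query string also means it is likely to be recorded wherever the request URL is logged (platform request logs, proxies). If `lambdaFastHttp` can set request headers, which is not visible here, a header would be a better place for it, with the handler reading it from there. `notifyDiscord` continues past the end of the hunk.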