From 3998818012e0b45fe463bfd5d1b8e94651a47724 Mon Sep 17 00:00:00 2001
From: Martin Dimitrov
Date: Sun, 1 Jun 2025 21:06:32 -0700
Subject: [PATCH] add secret for notify route
---
 packages/doorman-api/.env.example | 2 ++
 .../src/common/DoormanHandlerContext.ts | 1 +
 .../src/functions/api/door/notify.ts | 17 ++++++++++++++++-
 .../doorman-api/src/metrics/NotifyMetrics.ts | 8 +++++++-
 packages/doorman-client/.env.example | 2 ++
 .../doorman-client/src/utils/DoormanUtils.ts | 2 +-
 6 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/packages/doorman-api/.env.example b/packages/doorman-api/.env.example
index 982e8ae..cf78681 100644
--- a/packages/doorman-api/.env.example
+++ b/packages/doorman-api/.env.example
@@ -19,3 +19,5 @@ PUSHGATEWAY_PW=doormanmetrics
 LOKI_URL=https://logs.chromart.cc
 LOKI_USER=doorman
 LOKI_PW=doormanlogs
+
+NOTIFY_SECRET_KEY=discordnotifyme
diff --git a/packages/doorman-api/src/common/DoormanHandlerContext.ts b/packages/doorman-api/src/common/DoormanHandlerContext.ts
index 2d0588b..3f6fe4e 100644
--- a/packages/doorman-api/src/common/DoormanHandlerContext.ts
+++ b/packages/doorman-api/src/common/DoormanHandlerContext.ts
@@ -13,4 +13,5 @@ export interface DoormanLambdaContext extends EnvironmentVariables {
 LOKI_URL: string;
 LOKI_USER: string;
 LOKI_PW: string;
+ NOTIFY_SECRET_KEY: string;
 };
diff --git a/packages/doorman-api/src/functions/api/door/notify.ts b/packages/doorman-api/src/functions/api/door/notify.ts
index c564604..2f6dceb 100644
--- a/packages/doorman-api/src/functions/api/door/notify.ts
+++ b/packages/doorman-api/src/functions/api/door/notify.ts
@@ -9,7 +9,9 @@ import { Counter, Summary } from "prom-client";
 export interface NotifyRequest extends ServerlessEventObject {
 door: string;
- // TODO: change these to be multiple
+ key: string;
+
+ // these are arrays in the request
 discordUser: string;
 msg: string;
 json: string;
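Review bot: The example value `NOTIFY_SECRET_KEY=discordnotifyme` in `packages/doorman-api/.env.example` is a short, guessable word that is now published with the repository, so a deployment that copies the example unchanged protects `/api/door/notify` with a known key. A placeholder that cannot be mistaken for a usable secret is safer, e.g. `NOTIFY_SECRET_KEY=<generate-a-long-random-value>`, preceded by a comment such as `# shared secret for /api/door/notify; must match the value configured in doorman-client`. The same line is added to `packages/doorman-client/.env.example` later in this patch and should change with it.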
@@ -19,6 +21,18 @@ export const handler: ServerlessFunctionSignature
 const response = new Twilio.Response();
 registerMetrics(metricsRegistry);
+
+
+ // secure notify endpoint
+ if (event.key !== context.NOTIFY_SECRET_KEY) {
+ getMetricFromRegistry(metricsRegistry, NotifyMetrics.UNAUTHENTICATED_CALL).inc(1);
+ response
+ .setStatusCode(401)
+ .appendHeader('Content-Type', 'application/json')
+ .setBody({ err: "Unauthenticated call", event });
+
+ return callback(null, response);
+ }
 let users: string[];
 let msgs: string[];
@@ -27,6 +41,7 @@ export const handler: ServerlessFunctionSignature
 try {
 users = JSON.parse(event.discordUser);
+ console.log(users);
 msgs = JSON.parse(event.msg);
 console.log("before parsing", event.json);
 jsons = JSON.parse(event.json);
diff --git a/packages/doorman-api/src/metrics/NotifyMetrics.ts b/packages/doorman-api/src/metrics/NotifyMetrics.ts
index 030bbbb..f5d7234 100644
--- a/packages/doorman-api/src/metrics/NotifyMetrics.ts
+++ b/packages/doorman-api/src/metrics/NotifyMetrics.ts
@@ -3,7 +3,8 @@ import { Counter, Registry, Summary } from "prom-client";
 export enum NotifyMetrics {
 DISCORD_LATENCY = "DiscordLatency",
 DISCORD_FAILURE = "DiscordFailure",
- NOTIFY_TIMEOUT = "NotifyTimeout"
+ NOTIFY_TIMEOUT = "NotifyTimeout",
+ UNAUTHENTICATED_CALL = "UnauthenticatedCall"
 }
 export const registerMetrics = (metricsRegistry: Registry) => {
@@ -22,4 +23,9 @@ export const registerMetrics = (metricsRegistry: Registry) => {
 name: NotifyMetrics.NOTIFY_TIMEOUT,
 help: "Timeout before all notify calls completed",
 }));
+
+ metricsRegistry.registerMetric(new Counter({
+ name: NotifyMetrics.UNAUTHENTICATED_CALL,
+ help: "Call was made to notify without the secret key specified",
+ }));
 }
diff --git a/packages/doorman-client/.env.example b/packages/doorman-client/.env.example
index 10a3eae..a536539 100644
--- a/packages/doorman-client/.env.example
+++ b/packages/doorman-client/.env.example
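Review bot: The guard `event.key !== context.NOTIFY_SECRET_KEY` in the first `notify.ts` handler hunk fails open when the environment variable is not set, because a request that omits `key` compares `undefined` with `undefined` and is let through. Reject when the configured secret is empty as well, e.g. `if (!context.NOTIFY_SECRET_KEY || event.key !== context.NOTIFY_SECRET_KEY) {`. The 401 body also echoes the whole `event` back to an unauthenticated caller; `.setBody({ err: "Unauthenticated call" })` is sufficient, and what else `event` carries on this platform is not visible here. `!==` on strings is not a constant-time comparison, so comparing equal-length buffers with `crypto.timingSafeEqual` would remove the timing signal. The handler body starts and ends outside this hunk.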
@@ -14,3 +14,5 @@ PUSHGATEWAY_PW=doormanmetrics
 LOKI_URL=https://logs.chromart.cc
 LOKI_USER=doorman
 LOKI_PW=doormanlogs
+
+NOTIFY_SECRET_KEY=discordnotifyme
\ No newline at end of file
diff --git a/packages/doorman-client/src/utils/DoormanUtils.ts b/packages/doorman-client/src/utils/DoormanUtils.ts
index d03e638..367aed1 100644
--- a/packages/doorman-client/src/utils/DoormanUtils.ts
+++ b/packages/doorman-client/src/utils/DoormanUtils.ts
@@ -15,7 +15,7 @@ export async function getConfig(context: TwilioContext, buzzer: string): Promise
 export async function notifyDiscord(context: TwilioContext, msg: string[], u: string[], optionalJsonStr: string[], metricsRegistry: Registry){
 const endTimer = (metricsRegistry.getSingleMetric(BuzzerActivatedMetrics.NOTIFY_LATENCY) as Summary).startTimer();
 const res = await lambdaFastHttp(context.DOORMAN_URL +
- `/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}`,
+ `/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}&key=${context.NOTIFY_SECRET_KEY}`,
 ).catch(err => console.log(err));
 endTimer();
 return res;
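Review bot: In `notifyDiscord`, `&key=${context.NOTIFY_SECRET_KEY}` is the only query parameter on the changed line that is not passed through `encodeURIComponent`, so a secret containing `&`, `+`, `#` or `%` reaches the API altered and the call is answered with 401; use `&key=${encodeURIComponent(context.NOTIFY_SECRET_KEY)}`. Carrying the secret in the query string also places it in every URL that gets logged, and the `.catch(err => console.log(err))` on the next line may print it if the error object includes the request URL, which this hunk does not show. Sending the key in a request header would keep it out of URLs, provided `lambdaFastHttp` accepts headers (its signature is not visible here). If `NOTIFY_SECRET_KEY` is unset on the client the URL carries the literal text `undefined`, so checking for the variable before building the URL would surface the misconfiguration directly.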