add secret for notify route

2025-06-01 21:06:32 -07:00 · 2025-06-01 21:06:32 -07:00 · 3998818012
commit 3998818012
parent 2f45005a8a
6 changed files with 29 additions and 3 deletions
--- a/packages/doorman-api/.env.example
+++ b/packages/doorman-api/.env.example
@ -19,3 +19,5 @@ PUSHGATEWAY_PW=doormanmetrics
 LOKI_URL=https://logs.chromart.cc
 LOKI_USER=doorman
 LOKI_PW=doormanlogs
 NOTIFY_SECRET_KEY=discordnotifyme
--- a/packages/doorman-api/src/common/DoormanHandlerContext.ts
+++ b/packages/doorman-api/src/common/DoormanHandlerContext.ts
@ -13,4 +13,5 @@ export interface DoormanLambdaContext extends EnvironmentVariables {
  LOKI_URL: string;
  LOKI_USER: string;
  LOKI_PW: string;
  NOTIFY_SECRET_KEY: string;
 };
--- a/packages/doorman-api/src/functions/api/door/notify.ts
+++ b/packages/doorman-api/src/functions/api/door/notify.ts
@ -9,7 +9,9 @@ import { Counter, Summary } from "prom-client";
 export interface NotifyRequest extends ServerlessEventObject {
  door: string;
-  // TODO: change these to be multiple
+  key: string;
  // these are arrays in the request
  discordUser: string;
  msg: string;
  json: string;
@ -20,6 +22,18 @@ export const handler: ServerlessFunctionSignature<TwilioContext, NotifyRequest>
  registerMetrics(metricsRegistry);
  // secure notify endpoint
  if (event.key !== context.NOTIFY_SECRET_KEY) {
    getMetricFromRegistry<Counter>(metricsRegistry, NotifyMetrics.UNAUTHENTICATED_CALL).inc(1);
    response
      .setStatusCode(401)
      .appendHeader('Content-Type', 'application/json')
      .setBody({ err: "Unauthenticated call", event });
    return callback(null, response);
  }
  let users: string[];
  let msgs: string[];
  let jsons: string[];
@ -27,6 +41,7 @@ export const handler: ServerlessFunctionSignature<TwilioContext, NotifyRequest>
  try {
    users = JSON.parse(event.discordUser);
    console.log(users);
    msgs = JSON.parse(event.msg);
    console.log("before parsing", event.json);
    jsons = JSON.parse(event.json);
--- a/packages/doorman-api/src/metrics/NotifyMetrics.ts
+++ b/packages/doorman-api/src/metrics/NotifyMetrics.ts
@ -3,7 +3,8 @@ import { Counter, Registry, Summary } from "prom-client";
 export enum NotifyMetrics {
  DISCORD_LATENCY = "DiscordLatency",
  DISCORD_FAILURE = "DiscordFailure",
-  NOTIFY_TIMEOUT = "NotifyTimeout"
+  NOTIFY_TIMEOUT = "NotifyTimeout",
  UNAUTHENTICATED_CALL = "UnauthenticatedCall"
 }
 export const registerMetrics = (metricsRegistry: Registry) => {
@ -22,4 +23,9 @@ export const registerMetrics = (metricsRegistry: Registry) => {
    name: NotifyMetrics.NOTIFY_TIMEOUT,
    help: "Timeout before all notify calls completed",
  }));
  metricsRegistry.registerMetric(new Counter({
    name: NotifyMetrics.UNAUTHENTICATED_CALL,
    help: "Call was made to notify without the secret key specified",
  }));
 }
--- a/packages/doorman-client/.env.example
+++ b/packages/doorman-client/.env.example
@ -14,3 +14,5 @@ PUSHGATEWAY_PW=doormanmetrics
 LOKI_URL=https://logs.chromart.cc
 LOKI_USER=doorman
 LOKI_PW=doormanlogs
 NOTIFY_SECRET_KEY=discordnotifyme
--- a/packages/doorman-client/src/utils/DoormanUtils.ts
+++ b/packages/doorman-client/src/utils/DoormanUtils.ts
@ -15,7 +15,7 @@ export async function getConfig(context: TwilioContext, buzzer: string): Promise
 export async function notifyDiscord(context: TwilioContext, msg: string[], u: string[], optionalJsonStr: string[], metricsRegistry: Registry){
  const endTimer = (metricsRegistry.getSingleMetric(BuzzerActivatedMetrics.NOTIFY_LATENCY) as Summary).startTimer();
  const res = await lambdaFastHttp(context.DOORMAN_URL + 
-    `/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}`,
+    `/api/door/notify?discordUser=${encodeURIComponent(JSON.stringify(u))}&msg=${encodeURIComponent(JSON.stringify(msg))}&json=${encodeURIComponent(JSON.stringify(optionalJsonStr))}&key=${context.NOTIFY_SECRET_KEY}`,
  ).catch(err => console.log(err));
  endTimer();
  return res;