From 51441dfa8df31812735ad6bea1724c0e09731128 Mon Sep 17 00:00:00 2001 From: alyssadev Date: Sun, 17 Sep 2023 13:34:03 +1000 Subject: [PATCH] moved auth to kv --- src/index.js | 29 +++++++++++++++++------------ wrangler.toml | 5 +++-- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/index.js b/src/index.js index ec9da17..230900c 100644 --- a/src/index.js +++ b/src/index.js @@ -12,16 +12,21 @@ function makeid(length) { return result; } -function checkAuth(request) { +async function checkAuth(request) { const auth = request.headers.get("Authorization"); - return auth === AUTH_KEY; + const auth_check = await AUTH.get(auth) + console.log(auth, auth_check) + return Boolean(auth_check); } function getHost(request) { return request.headers.get("Host") } -async function add(host,path,request) { +async function add(request,host,path) { + const auth = await checkAuth(request) + if (!auth) + return new Response("Only GET requests allowed to unauthed users", {status:403}); if (!request.headers.get("content-type")) return new Response("No URL provided", {status:400}) const data = await request.formData() @@ -50,14 +55,18 @@ async function add(host,path,request) { return new Response(`https://${host}/${path}`, {status:201}) } -async function remove(host,path) { +async function remove(request,host,path) { + const auth = await checkAuth(request) + if (!auth) + return new Response("Only GET requests allowed to unauthed users", {status:403}); if (!path) return new Response("No path provided",{status:400}) path = path.toLowerCase() await KV.delete(path) return new Response(`DELETE https://${host}/${path}`, {status:200}) } -async function get(host,path,auth) { +async function get(request,host,path) { + const auth = await checkAuth(request) if (!path && auth) { const { keys } = await KV.list() let paths = "" @@ -79,16 +88,12 @@ async function handleRequest(request) { case "PUT": case "POST": case "PATCH": - if (!checkAuth(request)) - return new Response("Only GET requests allowed to unauthed users", {status:403}); - return add(host,path,request) + return add(request,host,path) case "DELETE": - if (!checkAuth(request)) - return new Response("Only GET requests allowed to unauthed users", {status:403}); - return remove(host,path) + return remove(request,host,path) case "HEAD": case "GET": - return get(host,path,checkAuth(request)) + return get(request,host,path) default: return new Response("Method not allowed", {status:405}) } diff --git a/wrangler.toml b/wrangler.toml index 84fac0b..4bdd2d3 100644 --- a/wrangler.toml +++ b/wrangler.toml @@ -1,12 +1,13 @@ name = "linkie" main = "src/index.js" workers_dev = true # used for test.py -compatibility_date = "2023-09-14" +compatibility_date = "2023-09-04" routes = [ { pattern = "s.aly.pet", custom_domain = true } ] kv_namespaces = [ - { binding = "KV", id = "7214e776a3da4ccd9f9fe5b6c3d3f781" } + { binding = "KV", id = "7214e776a3da4ccd9f9fe5b6c3d3f781", preview_id = "a36f8dde95cb46d988812e051729fbe8" }, + { binding = "AUTH", id = "6cea477e20a44fb5933482255fc77447", preview_id = "1cd25bb358194925ad1ba2cf163c80c0" } ] [vars] REDIR_URL = "https://aly-smith.carrd.co/"