Testing if the key exists... Else, it's not that securized.
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
aminecmi 2022-09-30 15:37:17 +02:00
parent 77aa8421d8
commit 79bce6c7db

View File

@ -17,16 +17,15 @@ fun main() {
val app = Javalin.create {
it.accessManager { handler, ctx, permittedRoles ->
transaction {
val k = ctx.header("X-API-KEY").orEmpty()
Key.find {
Keys.value eq k
val maybeKey = Key.find {
Keys.value eq ctx.header("X-API-KEY").orEmpty()
}.firstOrNull()
val auth = ctx.header("Authorization").orEmpty()
val isBasicAuthed = auth == System.getenv("LDC_AUTH")
when {
permittedRoles.contains(ApiRole.PUBLIC) -> handler.handle(ctx)
permittedRoles.contains(ApiRole.BASIC_AUTHED) && isBasicAuthed -> handler.handle(ctx)
permittedRoles.contains(ApiRole.API_AUTHED) && k != null -> handler.handle(ctx)
permittedRoles.contains(ApiRole.API_AUTHED) && maybeKey != null -> handler.handle(ctx)
else -> ctx.status(401).json("Unauthorized")
}
}