Add secret/apikey based authentication to the supervisor.

2025-01-18 10:46:22 +00:00 · 2015-01-28 15:13:26 +00:00 · 2015-01-28 15:13:26 +00:00 · 1784c75c57
commit 1784c75c57
parent fafef6cc6f
3 changed files with 50 additions and 39 deletions
--- a/package.json
+++ b/package.json
@ -21,6 +21,7 @@
    "network-checker": "git+ssh://git@bitbucket.org:rulemotion/network-checker.git#v0.0.1",
    "ngrok": "~0.1.97",
    "pubnub": "~3.6.4",
+    "randomstring": "~1.0.3",
    "request": "^2.51.0",
    "pinejs-client-js": "git+ssh://git@bitbucket.org:rulemotion/pinejs-client-js.git#v0.3.1",
    "sqlite3": "~3.0.4",
--- a/src/api.coffee
+++ b/src/api.coffee
@ -6,44 +6,50 @@ application = require './application'
 tty = require './lib/tty'
 knex = require './db'

-api = express()
-api.use(express.bodyParser())
+module.exports = (secret) ->
+	api = express()
+	api.use(express.bodyParser())
+	api.use (req, res, next) ->
+		if req.query.apikey is secret
+			next()
+		else
+			res.send(401)

-api.post '/v1/blink', (req, res) ->
-	utils.mixpanelTrack('Device blink')
-	utils.blink.pattern.start()
-	setTimeout(utils.blink.pattern.stop, 15000)
-	res.send(200)
-
-api.post '/v1/update', (req, res) ->
-	utils.mixpanelTrack('Update notification')
-	application.update()
-	res.send(204)
-
-api.post '/v1/spawn-tty', (req, res) ->
-	appId = req.body.appId
-	utils.mixpanelTrack('Spawn tty', appId)
-	if !appId?
-		res.send(400, 'Missing app id')
-	knex('app').select().where({appId})
-	.then ([ app ]) ->
-		if !app?
-			throw new Error('App not found')
-		tty.start(app)
-	.then (url) ->
-		res.send(200, url)
-	.catch (err) ->
-		res.send(503, err?.message or err or 'Unknown error')
-
-api.post '/v1/despawn-tty', (req, res) ->
-	appId = req.body.appId
-	utils.mixpanelTrack('Despawn tty', appId)
-	if !appId?
-		res.send(400, 'Missing app id')
-	tty.stop(appId)
-	.then ->
+	api.post '/v1/blink', (req, res) ->
+		utils.mixpanelTrack('Device blink')
+		utils.blink.pattern.start()
+		setTimeout(utils.blink.pattern.stop, 15000)
 		res.send(200)
-	.catch (err) ->
-		res.send(503, err?.message or err or 'Unknown error')

-module.exports = api
+	api.post '/v1/update', (req, res) ->
+		utils.mixpanelTrack('Update notification')
+		application.update()
+		res.send(204)
+
+	api.post '/v1/spawn-tty', (req, res) ->
+		appId = req.body.appId
+		utils.mixpanelTrack('Spawn tty', appId)
+		if !appId?
+			res.send(400, 'Missing app id')
+		knex('app').select().where({appId})
+		.then ([ app ]) ->
+			if !app?
+				throw new Error('App not found')
+			tty.start(app)
+		.then (url) ->
+			res.send(200, url)
+		.catch (err) ->
+			res.send(503, err?.message or err or 'Unknown error')
+
+	api.post '/v1/despawn-tty', (req, res) ->
+		appId = req.body.appId
+		utils.mixpanelTrack('Despawn tty', appId)
+		if !appId?
+			res.send(400, 'Missing app id')
+		tty.stop(appId)
+		.then ->
+			res.send(200)
+		.catch (err) ->
+			res.send(503, err?.message or err or 'Unknown error')
+
+	return api
--- a/src/app.coffee
+++ b/src/app.coffee
@ -31,11 +31,15 @@ knex.init.then ->

 		api = require './api'
 		application = require './application'
+		randomstring = require 'randomstring'

 		console.log('Starting API server..')
-		api.listen(config.listenPort)
+		secret = randomstring.generate()
+		api(secret).listen(config.listenPort)
 		application.updateDeviceInfo(
 			api_port: config.listenPort
+			api_secret: secret
+			# Retry the device info update every 5s until it finally succeeds.
 			5000
 		)