Skip to content

Commit 5574f34

Browse files
Fixes for api access
1 parent b046ea7 commit 5574f34

2 files changed

Lines changed: 18 additions & 10 deletions

File tree

app/src/forms/auth/middleware/apiAccess.js

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -75,10 +75,20 @@ const _getFormIdFromSubmissionId = async (formSubmissionId) => {
7575
return result?.form?.id;
7676
};
7777

78-
module.exports = async (req, res, next) => {
79-
try {
80-
// Check if authorization header is basic auth
81-
if (req.headers && req.headers.authorization && req.headers.authorization.startsWith('Basic ')) {
78+
module.exports = (options = {}) => {
79+
const { required = false } = options;
80+
return async (req, res, next) => {
81+
try {
82+
// Check if authorization header is basic auth
83+
const hasBasicAuth = req.headers && req.headers.authorization && req.headers.authorization.startsWith('Basic ');
84+
85+
//validate that API Access is mandatory
86+
if (required && !hasBasicAuth) {
87+
throw new Problem(401, {
88+
detail: HTTP_401_DETAIL,
89+
});
90+
}
91+
if (!hasBasicAuth) return next();
8292
// URL params should override query string params of the same attribute
8393
const params = { ...req.query, ...req.params };
8494

@@ -115,10 +125,8 @@ module.exports = async (req, res, next) => {
115125
});
116126

117127
return checkCredentials(req, res, next);
118-
} else {
119-
next();
128+
} catch (error) {
129+
next(error);
120130
}
121-
} catch (error) {
122-
next(error);
123-
}
131+
};
124132
};

app/src/gateway/v1/auth/routes.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ const apiAccess = require('../../../forms/auth/middleware/apiAccess');
77
const controller = require('./controller');
88

99
// Issue a new token for a specific form
10-
router.post('/token/forms/:formId', apiAccess, controller.issueFormToken);
10+
router.post('/token/forms/:formId', apiAccess({ required: true }), controller.issueFormToken);
1111

1212
// Refresh an existing token
1313
router.post('/refresh', controller.refreshToken);

0 commit comments

Comments
 (0)