Merge pull request #15 from DIG-Network/release/v0.0.1-alpha.16

Release/v0.0.1 alpha.16

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [0.0.1-alpha.16](https://github.com/DIG-Network/dig-incentive-server/compare/v0.0.1-alpha.15...v0.0.1-alpha.16) (2024-09-25)
+
+
+### Bug Fixes
+
+* verify mnemonic ([66b97b0](https://github.com/DIG-Network/dig-incentive-server/commit/66b97b00850c067d68cea7e1e0de37e46b24dcc1))
+
 ### [0.0.1-alpha.15](https://github.com/DIG-Network/dig-incentive-server/compare/v0.0.1-alpha.14...v0.0.1-alpha.15) (2024-09-25)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "dig-incentive-server",
-  "version": "0.0.1-alpha.15",
+  "version": "0.0.1-alpha.16",
   "description": "",
   "type": "commonjs",
   "main": "./dist/index.js",

src/middleware/verifyAuthorization.ts

@@ -0,0 +1,56 @@
+import { getCredentials } from "../utils/authUtils";
+import { Request, Response, NextFunction } from "express";
+
+export const verifyAuthorization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    const credentials = await getCredentials();
+
+    if (
+      !credentials ||
+      credentials.password === "CHANGEME" ||
+      credentials.username === "CHANGEME"
+    ) {
+      return res
+        .status(500)
+        .send(
+          "The propagation server does not have a valid username and password set. Please set the DIG_USERNAME and DIG_PASSWORD environment variables."
+        );
+    }
+
+    const authHeader = req.headers.authorization;
+
+    if (!authHeader || !authHeader.startsWith("Basic ")) {
+      // No Authorization header or it's not Basic Auth
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Missing Basic Auth header");
+    }
+
+    // Decode base64 credentials
+    const base64Credentials = authHeader.split(" ")[1];
+    const decodedCredentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
+    const [username, password] = decodedCredentials.split(":");
+
+    if (!username || !password) {
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Invalid Basic Auth format");
+    }
+
+    // Compare credentials
+    if (username !== credentials.username || password !== credentials.password) {
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Invalid username or password");
+    }
+
+    next(); // Credentials are valid; proceed to the next middleware
+  } catch (error) {
+    console.error("Error in verifyCredentials middleware:", error);
+    return res
+      .status(500)
+      .send("An error occurred while verifying the credentials.");
+  }
+};
+

src/middleware/verifyMnemonic.ts

@@ -47,10 +47,36 @@ export const verifyCredentials = async (
         );
     }
 
-    next(); // Proceed to the next middleware or route handler
+    const authHeader = req.headers.authorization;
+
+    if (!authHeader || !authHeader.startsWith("Basic ")) {
+      // No Authorization header or it's not Basic Auth
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Missing Basic Auth header");
+    }
+
+    // Decode base64 credentials
+    const base64Credentials = authHeader.split(" ")[1];
+    const decodedCredentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
+    const [username, password] = decodedCredentials.split(":");
+
+    if (!username || !password) {
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Invalid Basic Auth format");
+    }
+
+    // Compare credentials
+    if (username !== credentials.username || password !== credentials.password) {
+      res.setHeader("WWW-Authenticate", 'Basic realm="Access to the site", charset="UTF-8"');
+      return res.status(401).send("Unauthorized: Invalid username or password");
+    }
+
+    next(); // Credentials are valid; proceed to the next middleware
   } catch (error) {
+    console.error("Error in verifyCredentials middleware:", error);
     return res
       .status(500)
-      .send("An error occurred while verifying the mnemonic.");
+      .send("An error occurred while verifying the credentials.");
   }
 };
+

src/routes/storeRoutes.ts

@@ -6,22 +6,23 @@ import {
   getIncentiveProgramById,
   deleteIncentiveProgram
 } from "../controllers/incentiveProgramController";
+import { verifyAuthorization } from "../middleware/verifyAuthorization";
 
 const router = express.Router();
 
 // Route to create a new incentive program
-router.post("/incentive", express.json(), createIncentiveProgram);
+router.post("/incentive", express.json(), verifyAuthorization, createIncentiveProgram);
 
 // Route to update an existing incentive program
-router.put("/incentive", express.json(), updateIncentiveProgram);
+router.put("/incentive", express.json(), verifyAuthorization, updateIncentiveProgram);
 
 // Route to get all incentive programs
-router.get("/incentive", getAllIncentivePrograms);
+router.get("/incentive", verifyAuthorization, getAllIncentivePrograms);
 
 // Route to get an incentive program by store ID
-router.get("/incentive/:storeId", getIncentiveProgramById);
+router.get("/incentive/:storeId", verifyAuthorization, getIncentiveProgramById);
 
 // Route to delete an incentive program by store ID
-router.delete("/incentive", express.json(), deleteIncentiveProgram);
+router.delete("/incentive", express.json(), verifyAuthorization, deleteIncentiveProgram);
 
 export { router as incentiveRoutes };