Use real env vars for access token

johanbrook · Mar 18, 2024 · 53311c3 · 53311c3
1 parent 5581aa6
commit 53311c3
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 11 deletions.
diff --git a/api/auth.ts b/api/auth.ts
@@ -1,26 +1,30 @@
-import { ProblemKind } from './problem.ts';
-import { ProblemError } from './problem.ts';
+import { getConfig } from './config.ts';
+import { ProblemError, ProblemKind } from './problem.ts';
 
 export interface Client {
     id: string; // unique
+    name: string;
     token: string; // unique
 }
 
-const IOS = {
+const IOS: Client = {
     id: 'ios-shortcut',
-    token: 'aaa',
+    name: 'iOS Shortcut',
+    token: getConfig('IOS_SHORTCUT_TOKEN'),
 };
 
-const MAC = {
+const MAC: Client = {
     id: 'mac-shortcut',
-    token: 'bbb',
+    name: 'Mac Shortcut',
+    token: getConfig('MAC_SHORTCUT_TOKEN'),
 };
 
 type Token = string;
 
 const CLIENTS: Record<Token, Client> = {
-    'aaa': IOS,
-    'bbb': MAC,
+    // 🙃
+    [IOS.token]: IOS,
+    [MAC.token]: MAC,
 };
 
 export const checkAuth = (req: Request): Client => {
@@ -30,6 +34,10 @@ export const checkAuth = (req: Request): Client => {
         throw new ProblemError(ProblemKind.BadInput, 'Missing important credentials');
     }
 
+    if (!token.startsWith('API-Token')) {
+        throw new ProblemError(ProblemKind.BadInput, 'Malformed auth token');
+    }
+
     const client = CLIENTS[token.replace('API-Token', '').trim()];
 
     if (!client) {

diff --git a/api/config.ts b/api/config.ts
@@ -1,5 +1,10 @@
 interface Config {
+    /** For authing with the GitHub API. */
     GITHUB_TOKEN: string;
+
+    // Access tokens for this API
+    IOS_SHORTCUT_TOKEN: string;
+    MAC_SHORTCUT_TOKEN: string;
 }
 
 export const getConfig = <K extends keyof Config>(key: K, def?: Config[K]): Config[K] => {

diff --git a/deno.json b/deno.json
@@ -9,7 +9,7 @@
         "lume": "echo \"import 'lume/cli.ts'\" | deno run --unstable-temporal -A -",
         "build": "deno task lume",
         "serve": "deno task build -s",
-        "test": "deno test --allow-env --unstable-temporal --location https://johan.im",
+        "test": "export IOS_SHORTCUT_TOKEN=aaa && export MAC_SHORTCUT_TOKEN=aaa && TEST=1 deno test --allow-env --unstable-temporal --location https://johan.im",
         "api": "deno run --unstable-temporal --allow-env --allow-net --allow-read --allow-write --location https://johan.im --watch api/server.ts"
     },
     "compilerOptions": {

diff --git a/test/auth.test.ts b/test/auth.test.ts
@@ -30,7 +30,7 @@ Deno.test('API /post-note fails on bad auth header', async () => {
         }),
     );
 
-    assertEquals(res.status, 401);
+    assertEquals(res.status, 400);
     const body = await res.text();
-    assertMatch(body, /Bad auth token/);
+    assertMatch(body, /Malformed auth token/);
 });