feat: comma-separated API_TOKENs

clifflu · Jul 26, 2016 · 4df4da1 · 4df4da1
1 parent cb70319
commit 4df4da1
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 4 deletions.
diff --git a/guanyu/app.js b/guanyu/app.js
@@ -24,10 +24,11 @@ app.use(bodyParser.urlencoded({limit: file_max_size, extended: false }));
 app.use(express.static(path.join(__dirname, 'public')));
 
 app.use((req, res, next) => {
-  if (req.method == 'POST' && config.get('API_TOKEN')) {
-    if (req.headers['api-token'] != config.get('API_TOKEN')) {
-      var err = new Error('Forbidden: API Token required');
+  if (req.method == 'POST' && config.get('api-tokens')) {
+    if (!config.get('api-tokens').has(req.headers['api-token'])) {
+      var err = new Error('Forbidden');
       err.status = 403;
+
       return next(err);
     }
   }

diff --git a/guanyu/guanyu/config.js b/guanyu/guanyu/config.js
@@ -42,7 +42,7 @@ function update_boolean(name) {
 
   if (Number.isNaN(as_number)) {
     if (/^false$/i.test(value))
-      return nconf.set(name, false);;
+      return nconf.set(name, false);
 
     return nconf.set(name, Boolean(value));
   }
@@ -59,10 +59,28 @@ function update_number(name) {
   }
 }
 
+function harvest_api_tokens(api_token){
+  var tokens = new Set();
+
+  if (api_token) {
+    api_token.split(',').map((token) => {
+      if (token = token.trim()) {
+        tokens.add(token);
+      }
+    });
+  }
+
+  return tokens.size == 0
+    ? null
+    : tokens;
+}
+
 bridge_deprecated_to('REDIS_HOST', 'CACHE:REDIS:HOST');
 bridge_deprecated_to('UTOPIA', 'DRUNK');
 
 update_number('PROC_PER_CORE');
 update_boolean('DRUNK');
 
+nconf.set('api-tokens', harvest_api_tokens(nconf.get('API_TOKEN')));
+
 module.exports = nconf;
diff --git a/guanyu/package.json b/guanyu/package.json
@@ -26,5 +26,10 @@
     "tmp": "0.0.28",
     "url": "^0.11.0",
     "winston": "^2.2.0"
+  },
+  "devDependencies": {
+    "chai": "^3.5.0",
+    "mocha": "^2.5.3",
+    "rewire": "^2.5.2"
   }
 }
diff --git a/guanyu/test/config.js b/guanyu/test/config.js
@@ -0,0 +1,46 @@
+"use strict";
+
+var chai = require('chai');
+var rewire = require('rewire');
+
+var config = rewire('../guanyu/config');
+
+describe('test/config.js', function(){
+  describe('API Token', function(){
+    describe('harvest_api_tokens()', function(){
+      var func = config.__get__('harvest_api_tokens');
+
+      it('handle nothing', () => {
+        chai.assert(null == func(undefined));
+        chai.assert(null == func(null));
+        chai.assert(null == func(''));
+      });
+
+      it('find one', () => {
+        var token = 'asdasdfasdf+=';
+        chai.assert(func(token).has(token));
+      });
+
+      it('find two', () => {
+        var t1 = 'asdasdfasdf+=';
+        var t2 = 'ghij';
+
+        var ret = func(t1 + ',' + t2);
+        chai.assert(ret.size == 2);
+        chai.assert(ret.has(t1));
+        chai.assert(ret.has(t2));
+      });
+
+      it('handle spaces and empty', () => {
+        var t1 = 'asdasdfasdf+=';
+        var t2 = 'ghij';
+
+        var ret = func(' ' + t1 + ' ,, , ' + t2);
+        chai.assert(ret.size == 2);
+        chai.assert(ret.has(t1));
+        chai.assert(ret.has(t2));
+      });
+
+    });
+  });
+});