feat: implement GitHub Auth for tracker

ubiquity · Oct 16, 2024 · b0e1bef · b0e1bef
1 parent 942ae09
commit b0e1bef
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 7 deletions.
diff --git a/functions/tracker.ts b/functions/tracker.ts
@@ -1,4 +1,5 @@
-import { Env, Context } from "./types";
+import { Env, Context, CustomRequest } from "./types";
+import { validatePOST } from "./validators";
 
 export const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
@@ -12,7 +13,7 @@ export async function onRequest(ctx: Context): Promise<Response> {
   try {
     switch (request.method) {
       case "POST":
-        return await handleSet(url, env);
+        return await handleSet(url, env, request);
 
       case "GET":
         if (url.searchParams.has("key")) {
@@ -37,11 +38,20 @@ export async function onRequest(ctx: Context): Promise<Response> {
   }
 }
 
-async function handleSet(url: URL, env: Env): Promise<Response> {
+async function handleSet(url: URL, env: Env, request: CustomRequest): Promise<Response> {
   const key = url.searchParams.get("key");
   const value = url.searchParams.get("value");
 
   if (key && value) {
+    const isValid = await validatePOST(url, request);
+
+    if (!isValid) {
+      return new Response("Unauthorized", {
+        headers: corsHeaders,
+        status: 400,
+      });
+    }
+
     await env.userToReferral.put(key, value);
     return new Response(`Key '${key}' added with value '${value}'`, {
       headers: corsHeaders,
@@ -79,4 +89,4 @@ async function handleList(env: Env): Promise<Response> {
   return new Response(JSON.stringify(keyValuePairs, null, 2), {
     headers: { ...corsHeaders, "Content-Type": "application/json" },
   });
-}
+}
diff --git a/functions/types.ts b/functions/types.ts
@@ -1,7 +1,10 @@
 import { EventContext, KVNamespace } from "@cloudflare/workers-types";
+import { Request, IncomingRequestCfProperties } from "@cloudflare/workers-types";
 
 export interface Env {
   userToReferral: KVNamespace;
 }
 
-export type Context = EventContext<Env, string, Record<string, string>>;
+export type Context = EventContext<Env, string, Record<string, string>>;
+
+export type CustomRequest = Request<unknown, IncomingRequestCfProperties<unknown>>;
diff --git a/functions/validators.ts b/functions/validators.ts
@@ -0,0 +1,22 @@
+import { CustomRequest } from "./types";
+import { OAuthToken } from "../src/home/getters/get-github-access-token";
+
+export async function validatePOST(url: URL, request: CustomRequest): Promise<boolean> {
+  try {
+    const jsonData: unknown = await request.json();
+
+    const authToken = jsonData as OAuthToken;
+
+    const githubUserId = authToken?.user?.id;
+
+    const key = url.searchParams.get("key");
+
+    if (githubUserId && githubUserId == key) {
+      return true;
+    }
+    return false;
+  } catch (error) {
+    console.error("Invalid JSON");
+    return false;
+  }
+}
diff --git a/src/home/devrel-tracker.ts b/src/home/devrel-tracker.ts
@@ -1,3 +1,5 @@
+import { getGitHubAccessToken } from "./getters/get-github-access-token";
+
 declare const WORKER_URL: string; // @DEV: passed in at build time check build/esbuild-build.ts
 
 export function initiateDevRelTracking() {
@@ -18,8 +20,14 @@ export async function trackDevRelReferral(devGitHubId: number) {
   if (devRelCode && devRelCode != "done") {
     const url = `${WORKER_URL}/tracker?key=${encodeURIComponent(devGitHubId)}&value=${encodeURIComponent(devRelCode)}`;
 
+    const accessToken = await getGitHubAccessToken();
+
     const response = await fetch(url, {
-        method: 'POST',
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify(accessToken),
     });
 
     if (response.status === 200) {
@@ -28,4 +36,4 @@ export async function trackDevRelReferral(devGitHubId: number) {
       console.error(`Failed to set referral. Status: ${response.status}`);
     }
   }
-}
+}