Merge pull request #1 from Yuri-Tiofilo/feature/add-key-and-token-gif…

…tard-protocol

feature: add auth key and token in provider

manifest.json

@@ -25,5 +25,21 @@
       }
     }
   ],
+  "settingsSchema": {
+    "title": "Gift Card Protocol Example Paramters",
+    "type": "object",
+    "properties": {
+      "giftCardHubAppKey": {
+        "title": "GiftCard Protocol App Key",
+        "type": "string",
+        "description": "GiftCard HUB App Key"
+      },
+      "giftCardHubAppToken": {
+        "title": "GiftCard Protocol App Token",
+        "type": "string",
+        "description": "GiftCard HUB App Token"
+      }
+    }
+  },
   "$schema": "https://raw.githubusercontent.com/vtex/node-vtex-api/master/gen/manifest.schema"
 }

node/handlers/credentials.ts

@@ -0,0 +1,49 @@
+export async function validateCredentials(ctx: Context, next: () => Promise<any>) {
+  if (!ctx.headers['x-provider-api-appkey'] || !ctx.headers['x-provider-api-apptoken']) {
+    ctx.status = 401
+    ctx.body = {
+      message: 'Unauthorized request',
+      status: 401
+    }
+    return
+  }
+
+  let appSettings: Record<string, unknown>;
+
+  try {
+  const appId = process.env.VTEX_APP_ID || ctx.vtex
+
+    appSettings = await ctx.clients.apps.getAppSettings(appId)
+
+    if (!appSettings) {
+      ctx.status = 400;
+      ctx.body = {
+        message: 'Empty app settings giftcard protocol configuration',
+        status: 400
+      }
+      return
+    }
+  } catch (error) {
+    ctx.status = 500;
+    ctx.body = {
+      message: 'error loading app settings',
+      status: 500
+    }
+    return
+  }
+
+  const { giftCardHubAppKey, giftCardHubAppToken } = appSettings
+
+  if (ctx.headers['x-provider-api-appkey'] !== giftCardHubAppKey ||
+    ctx.headers['x-provider-api-apptoken'] !== giftCardHubAppToken
+  ) {
+    ctx.status = 403
+    ctx.body = {
+      message: 'Forbidden request',
+      status: 403
+    }
+    return
+  }
+
+  return await next()
+}

node/index.ts

@@ -23,6 +23,7 @@ import {
 import { deleteGiftCardProvider } from './resolvers/deleteGiftCardProvider'
 import { getGiftCardProviders } from './resolvers/getProviders'
 import { setGiftCardProvider } from './resolvers/setGiftCardProvider'
+import { validateCredentials } from './handlers/credentials'
 
 const TIMEOUT_MS = 800
 
@@ -60,31 +61,31 @@ export default new Service<Clients, RecorderState, ParamsContext>({
   },
   routes: {
     authorization: method({
-      GET: [getTransactionAuthorization],
+      GET: [validateCredentials, getTransactionAuthorization],
     }),
     cancellation: method({
-      GET: [listAllCancellations],
-      POST: [createCancellation],
+      GET: [validateCredentials, listAllCancellations],
+      POST: [validateCredentials, createCancellation],
     }),
     create: method({
-      POST: [getOrCreateGiftCard],
+      POST: [validateCredentials, getOrCreateGiftCard],
     }),
     get: method({
-      GET: [getOrCreateGiftCard],
+      GET: [validateCredentials, getOrCreateGiftCard],
     }),
     getTransaction: method({
-      GET: [getTransactionById],
+      GET: [validateCredentials, getTransactionById],
     }),
     list: method({
-      POST: [listGiftCards],
+      POST: [validateCredentials, listGiftCards],
     }),
     settlement: method({
-      GET: [listAllSettlements],
-      POST: [createSettlement],
+      GET: [validateCredentials, listAllSettlements],
+      POST: [validateCredentials, createSettlement],
     }),
     transactions: method({
-      GET: [listTransactions],
-      POST: [createTransaction],
+      GET: [validateCredentials, listTransactions],
+      POST: [validateCredentials, createTransaction],
     }),
   },
 })