diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py
index b5789dc8..86be1e55 100755
--- a/src/backend/impress/settings.py
+++ b/src/backend/impress/settings.py
@@ -506,7 +506,6 @@ class Base(Configuration):
 }
 # Y provider microservice
- # Note: Be careful, this value is currently the same as in the collaboration service.
 Y_PROVIDER_API_KEY = values.Value(
 environ_name="Y_PROVIDER_API_KEY",
 environ_prefix=None,
diff --git a/src/frontend/servers/y-provider/__tests__/server.test.ts b/src/frontend/servers/y-provider/__tests__/server.test.ts
index 7e9fe4c8..c1ff4393 100644
--- a/src/frontend/servers/y-provider/__tests__/server.test.ts
+++ b/src/frontend/servers/y-provider/__tests__/server.test.ts
@@ -14,6 +14,7 @@ jest.mock('../src/env', () => {
 PORT: port,
 COLLABORATION_SERVER_ORIGIN: origin,
 COLLABORATION_SERVER_SECRET: 'test-secret-api-key',
+ Y_PROVIDER_API_KEY: 'yprovider-api-key',
 };
 });
@@ -115,7 +116,7 @@ describe('Server Tests', () => {
 const response = await request(app as any)
 .post('/api/convert-markdown')
 .set('Origin', origin)
- .set('Authorization', 'test-secret-api-key');
+ .set('Authorization', 'yprovider-api-key');
 expect(response.status).toBe(400);
 expect(response.body.error).toBe('Invalid request: missing content');
@@ -125,7 +126,7 @@ describe('Server Tests', () => {
 const response = await request(app as any)
 .post('/api/convert-markdown')
 .set('Origin', origin)
- .set('Authorization', 'test-secret-api-key')
+ .set('Authorization', 'yprovider-api-key')
 .send({
 content: '',
 });
diff --git a/src/frontend/servers/y-provider/src/env.ts b/src/frontend/servers/y-provider/src/env.ts
index e2a8d782..7f23bfc5 100644
--- a/src/frontend/servers/y-provider/src/env.ts
+++ b/src/frontend/servers/y-provider/src/env.ts
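Review bot: The two updated cases (hunks `-115,7` and `-125,7`) only send the new key, so nothing visible here pins how `/api/convert-markdown` responds to `COLLABORATION_SERVER_SECRET`, which the middleware in this commit still accepts. I would add one case that sends `.set('Authorization', 'test-secret-api-key')` and asserts the intended status, so the decision to accept both keys is explicit and a later narrowing is caught by the suite. A rejection case with an unknown key may already exist elsewhere in the file; that part is outside these hunks.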
@@ -4,5 +4,7 @@ export const COLLABORATION_SERVER_ORIGIN =
 process.env.COLLABORATION_SERVER_ORIGIN || 'http://localhost:3000';
 export const COLLABORATION_SERVER_SECRET =
 process.env.COLLABORATION_SERVER_SECRET || 'secret-api-key';
+export const Y_PROVIDER_API_KEY =
+ process.env.Y_PROVIDER_API_KEY || 'yprovider-api-key';
 export const PORT = Number(process.env.PORT || 4444);
 export const SENTRY_DSN = process.env.SENTRY_DSN || '';
diff --git a/src/frontend/servers/y-provider/src/middlewares.ts b/src/frontend/servers/y-provider/src/middlewares.ts
index 11344a27..48e56895 100644
--- a/src/frontend/servers/y-provider/src/middlewares.ts
+++ b/src/frontend/servers/y-provider/src/middlewares.ts
@@ -4,10 +4,13 @@ import * as ws from 'ws';
 import {
 COLLABORATION_SERVER_ORIGIN,
 COLLABORATION_SERVER_SECRET,
+ Y_PROVIDER_API_KEY,
 } from '@/env';
 import { logger } from './utils';
+const VALID_API_KEYS = [COLLABORATION_SERVER_SECRET, Y_PROVIDER_API_KEY];
+
 export const httpSecurity = (
 req: Request,
 res: Response,
@@ -27,7 +30,7 @@ export const httpSecurity = (
 // Secret API Key check
 // Note: Changing this header to Bearer token format will break backend compatibility with this microservice.
 const apiKey = req.headers['authorization'];
- if (apiKey !== COLLABORATION_SERVER_SECRET) {
+ if (!apiKey || !VALID_API_KEYS.includes(apiKey)) {
 res.status(403).json({ error: 'Forbidden: Invalid API Key' });
 return;
 }
diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl
index d49cd4a6..7533f5a7 100644
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl
@@ -105,6 +105,7 @@ yProvider:
 COLLABORATION_LOGGING: true
 COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
 COLLABORATION_SERVER_SECRET: my-secret
+ Y_PROVIDER_API_KEY: my-secret
 ingress:
 enabled: true
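Review bot: The fallback on the added lines makes the literal `'yprovider-api-key'`, which is readable in the repository, a valid credential whenever `Y_PROVIDER_API_KEY` is unset in a deployment. I would fail closed instead, for example `export const Y_PROVIDER_API_KEY = process.env.Y_PROVIDER_API_KEY || '';`, since the `!apiKey` guard added in middlewares.ts in this commit means an empty configured key can never match a request. The context line for `COLLABORATION_SERVER_SECRET` has the same pattern with `'secret-api-key'` and deserves the same treatment. If a development default is wanted, supplying it from the dev environment files keeps it out of the production code path.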
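Review bot: The new condition in the `-27,7` hunk accepts either secret on every route behind `httpSecurity`, so, judging by the tests in server.test.ts, a holder of `COLLABORATION_SERVER_SECRET` can still call `/api/convert-markdown` and the new key does not narrow what each credential can reach. If accepting both is a transition measure, say so where `VALID_API_KEYS` is declared in the first hunk of this file, e.g. `// Both keys are accepted during migration; drop COLLABORATION_SERVER_SECRET once the backend sends Y_PROVIDER_API_KEY.`; otherwise the middleware could take the expected key per route. The comparison through `includes` is also not constant-time, as `!==` was not; comparing fixed-length digests of the header and each key with `crypto.timingSafeEqual` would remove that timing difference. The body of `httpSecurity` starts and ends outside this hunk.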
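Review bot: `Y_PROVIDER_API_KEY: my-secret` repeats the value of `COLLABORATION_SERVER_SECRET` on the line above, so the dev environment cannot show which of the two keys a caller actually sends. This commit also removes the settings.py comment that warned the two values were the same, while here they still are. A distinct value, for example `Y_PROVIDER_API_KEY: my-yprovider-secret` (constructed sample), would make a mix-up visible; the backend's value for the same key, which is outside this hunk, would need to match.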