diff --git a/client/js/admin.ts b/client/js/admin.ts index 998db58b..6c25c2f0 100644 --- a/client/js/admin.ts +++ b/client/js/admin.ts @@ -470,7 +470,6 @@ settingsUpdateButton.addEventListener("click", e => { let adminEmailData = new FormData(); adminEmailData.append("adminString", (document.getElementById("admin-emails") as HTMLInputElement).value); adminEmailData.append("addAdmins", (document.getElementById("add-admins") as HTMLInputElement).checked ? "true" : "false"); - let branchRoleData = new FormData(); let branchRoles = document.querySelectorAll("div.branch-role") as NodeListOf; for (let i = 0; i < branchRoles.length; i++) { diff --git a/deployment.yaml b/deployment.yaml index c89d8ce0..5fd07ecf 100644 --- a/deployment.yaml +++ b/deployment.yaml @@ -8,6 +8,7 @@ health: path: /version secrets: + - ADMIN_KEY_SECRET - SESSION_SECRET - EMAIL_USERNAME - EMAIL_PASSWORD diff --git a/package-lock.json b/package-lock.json index 37b8b52e..ca801b5c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "registration", - "version": "1.10.7", + "version": "1.10.8", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 4674f4f4..c0e206f3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "registration", - "version": "1.10.7", + "version": "1.10.8", "description": "TBD", "main": "server/app.js", "scripts": { diff --git a/server/common.ts b/server/common.ts index 25de6ed0..08871ab7 100644 --- a/server/common.ts +++ b/server/common.ts 
@@ -11,18 +11,19 @@ import { IConfig } from "./schema";
 import { storageEngines } from "./storage";
 class Config implements IConfig.Main {
 public secrets: IConfig.Secrets = {
- "session": crypto.randomBytes(32).toString("hex"),
- "github": {
- "id": "",
- "secret": ""
+ adminKey: crypto.randomBytes(32).toString("hex"),
+ session: crypto.randomBytes(32).toString("hex"),
+ github: {
+ id: "",
+ secret: ""
 },
- "google": {
- "id": "",
- "secret": ""
+ google: {
+ id: "",
+ secret: ""
 },
- "facebook": {
- "id": "",
- "secret": ""
+ facebook: {
+ id: "",
+ secret: ""
 }
 };
 public email: IConfig.Email = {
@@ -126,6 +127,12 @@ class Config implements IConfig.Main {
 }
 protected loadFromEnv(): void {
 // Secrets
+ if (process.env.ADMIN_KEY_SECRET) {
+ this.secrets.adminKey = process.env.ADMIN_KEY_SECRET!;
+ }
+ else {
+ console.warn("Setting random admin key! Cannot use the service-to-service APIs.");
+ }
 if (process.env.SESSION_SECRET) {
 this.secrets.session = process.env.SESSION_SECRET!;
 this.sessionSecretSet = true;
diff --git a/server/middleware.ts b/server/middleware.ts
index e3adefb4..9fdec3fe 100644
--- a/server/middleware.ts
+++ b/server/middleware.ts
@@ -73,7 +73,20 @@ export function isUserOrAdmin(request: express.Request, response: express.Respon
 export function isAdmin(request: express.Request, response: express.Response, next: express.NextFunction) {
 response.setHeader("Cache-Control", "private");
 let user = request.user as IUser;
- if (!request.isAuthenticated()) {
+ const auth = request.headers.authorization;
+
+ if (auth && typeof auth === "string" && auth.indexOf(" ") > -1) {
+ const key = new Buffer(auth.split(" ")[1], "base64").toString();
+ if (key === config.secrets.adminKey) {
+ next();
+ }
+ else {
+ response.status(401).json({
+ "error": "Incorrect auth token!"
+ });
+ }
+ }
+ else if (!request.isAuthenticated()) {
 response.status(401).json({
 "error": "You must log in to access this endpoint"
 });
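Review bot: The new ADMIN_KEY_SECRET branch in loadFromEnv accepts any non-empty value without checking its length, yet this one string is what isAdmin (middleware.ts, same commit) compares against the Authorization header to grant admin access with no session at all. A short or guessable operator-supplied value silently weakens every admin route while the 64-character hex default would have been unguessable, so I would at least warn when it is short, inside the truthy branch: `if (process.env.ADMIN_KEY_SECRET.length < 32) { console.warn("ADMIN_KEY_SECRET is shorter than 32 characters; use a long random value"); }`. The `!` on `process.env.ADMIN_KEY_SECRET!` is redundant inside the truthiness check and can be dropped. loadFromEnv continues past the end of the hunk.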
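Review bot: The added check compares the decoded header to config.secrets.adminKey with `===`, which stops at the first differing character and so leaks timing information about the secret to anyone who can reach an isAdmin route; comparing equal-length buffers with `crypto.timingSafeEqual` is the usual fix. The branch also fires for any Authorization header that contains a space, so a request carrying some other scheme (e.g. `Basic …`) never reaches the session check and is rejected with "Incorrect auth token!" — matching the scheme explicitly (I assumed `Bearer` below; adjust to whatever the calling services send) keeps the new path narrow. `new Buffer(...)` is deprecated in Node in favour of `Buffer.from(...)`. On the key path `next()` is called with `request.user` (read into `user` on the line above) still undefined, so anything downstream that reads it must tolerate that; isAdmin's body continues past the hunk. The rewrite assumes middleware.ts imports `crypto` — add `import * as crypto from "crypto";` if it does not.
```typescript
export function isAdmin(request: express.Request, response: express.Response, next: express.NextFunction) {
    // … unchanged: Cache-Control header, user lookup …
    const auth = request.headers.authorization;

    // Take the service-to-service path only for a well-formed "Bearer <base64 key>"
    // header; any other scheme falls through to the session check below.
    const parts = typeof auth === "string" ? auth.split(" ") : [];
    if (parts.length === 2 && parts[0] === "Bearer") {
        const presented = Buffer.from(parts[1], "base64");
        const expected = Buffer.from(config.secrets.adminKey);
        // timingSafeEqual throws on unequal lengths, so check lengths first;
        // the key's length is not secret, only its contents are.
        if (presented.length === expected.length && crypto.timingSafeEqual(presented, expected)) {
            next();
        }
        else {
            response.status(401).json({
                "error": "Incorrect auth token!"
            });
        }
    }
    else if (!request.isAuthenticated()) {
        // … unchanged: session-auth rejection …
```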
diff --git a/server/routes/api/settings.ts b/server/routes/api/settings.ts
index aed88c03..f0d2a111 100644
--- a/server/routes/api/settings.ts
+++ b/server/routes/api/settings.ts
@@ -70,7 +70,7 @@ settingsRoutes.route("/qr_enabled")
 catch (err) {
 console.error(err);
 response.status(500).json({
- "error": "An error occurred while enabling or disabling teams"
+ "error": "An error occurred while enabling or disabling qr codes"
 });
 }
 });
diff --git a/server/schema.ts b/server/schema.ts
index f8972d98..5cf41264 100644
--- a/server/schema.ts
+++ b/server/schema.ts
@@ -7,6 +7,7 @@ import {Questions} from "./config/questions.schema";
 // Secrets JSON file schema
 export namespace IConfig {
 export interface Secrets {
+ adminKey: string;
 session: string;
 github: {
 id: string;
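Review bot: The new `adminKey` field in IConfig.Secrets carries no description, even though it is the one secret that on its own authorizes admin routes without a session (see isAdmin in middleware.ts in this commit), which a future maintainer editing the schema should know before loosening anything around it. I would add a doc comment above it: `/** Shared secret for service-to-service calls: presented base64-encoded in the Authorization header, it bypasses session auth in isAdmin. Loaded from ADMIN_KEY_SECRET; random (and therefore unusable) when that is unset. */`. The Secrets interface continues past the end of the hunk.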