Export Via Key Functionality

client/js/admin.ts

@@ -470,7 +470,6 @@ settingsUpdateButton.addEventListener("click", e => {
 	let adminEmailData = new FormData();
 	adminEmailData.append("adminString", (document.getElementById("admin-emails") as HTMLInputElement).value);
 	adminEmailData.append("addAdmins", (document.getElementById("add-admins") as HTMLInputElement).checked ? "true" : "false");
-
 	let branchRoleData = new FormData();
 	let branchRoles = document.querySelectorAll("div.branch-role") as NodeListOf<HTMLDivElement>;
 	for (let i = 0; i < branchRoles.length; i++) {

deployment.yaml

@@ -8,6 +8,7 @@ health:
   path: /version
 
 secrets:
+  - ADMIN_KEY_SECRET
   - SESSION_SECRET
   - EMAIL_USERNAME
   - EMAIL_PASSWORD

package.json

@@ -1,6 +1,6 @@
 {
   "name": "registration",
-  "version": "1.10.7",
+  "version": "1.10.8",
   "description": "TBD",
   "main": "server/app.js",
   "scripts": {

server/common.ts

@@ -11,18 +11,19 @@ import { IConfig } from "./schema";
 import { storageEngines } from "./storage";
 class Config implements IConfig.Main {
 	public secrets: IConfig.Secrets = {
-		"session": crypto.randomBytes(32).toString("hex"),
-		"github": {
-			"id": "",
-			"secret": ""
+		adminKey: crypto.randomBytes(32).toString("hex"),
+		session: crypto.randomBytes(32).toString("hex"),
+		github: {
+			id: "",
+			secret: ""
 		},
-		"google": {
-			"id": "",
-			"secret": ""
+		google: {
+			id: "",
+			secret: ""
 		},
-		"facebook": {
-			"id": "",
-			"secret": ""
+		facebook: {
+			id: "",
+			secret: ""
 		}
 	};
 	public email: IConfig.Email = {
@@ -126,6 +127,12 @@ class Config implements IConfig.Main {
 	}
 	protected loadFromEnv(): void {
 		// Secrets
+		if (process.env.ADMIN_KEY_SECRET) {
+			this.secrets.adminKey = process.env.ADMIN_KEY_SECRET!;
+		}
+		else {
+			console.warn("Setting random admin key! Cannot use the service-to-service APIs.");
+		}
 		if (process.env.SESSION_SECRET) {
 			this.secrets.session = process.env.SESSION_SECRET!;
 			this.sessionSecretSet = true;

server/middleware.ts

@@ -73,7 +73,20 @@ export function isUserOrAdmin(request: express.Request, response: express.Respon
 export function isAdmin(request: express.Request, response: express.Response, next: express.NextFunction) {
 	response.setHeader("Cache-Control", "private");
 	let user = request.user as IUser;
-	if (!request.isAuthenticated()) {
+	const auth = request.headers.authorization;
+
+	if (auth && typeof auth === "string" && auth.indexOf(" ") > -1) {
+		const key = new Buffer(auth.split(" ")[1], "base64").toString();
+		if (key === config.secrets.adminKey) {
+			next();
+		}
+		else {
+			response.status(401).json({
+				"error": "Incorrect auth token!"
+			});
+		}
+	}
+	else if (!request.isAuthenticated()) {
 		response.status(401).json({
 			"error": "You must log in to access this endpoint"
 		});

server/routes/api/settings.ts

@@ -70,7 +70,7 @@ settingsRoutes.route("/qr_enabled")
 		catch (err) {
 			console.error(err);
 			response.status(500).json({
-				"error": "An error occurred while enabling or disabling teams"
+				"error": "An error occurred while enabling or disabling qr codes"
 			});
 		}
 	});

server/schema.ts

@@ -7,6 +7,7 @@ import {Questions} from "./config/questions.schema";
 // Secrets JSON file schema
 export namespace IConfig {
 	export interface Secrets {
+		adminKey: string;
 		session: string;
 		github: {
 			id: string;