support external browser chrome extension distinct secret key

pH-7 · pH-7 · commit 48ffd5b6bb08 · 2024-03-15T12:37:48.000+11:00
diff --git a/.env.dist b/.env.dist
@@ -1,6 +1,7 @@
 ## API
 APP_PORT=3004
 JWT_SECRET=""
+BROWSER_EXTENSION_SECRET=""
 JWT_TOKEN_EXPIRY_TIME="3h"
 
 ## Mistral AI
diff --git a/src/config/index.ts b/src/config/index.ts
@@ -7,6 +7,7 @@ interface ConfigProps {
   // App Server
   port: string | number;
   jwtToken: string;
+  browserExtensionSecret: string;
   jwtTokenExpiryTime: string;
 
   // Mistral AI
@@ -28,6 +29,7 @@ interface ConfigProps {
 const config: ConfigProps = {
   port: process.env.APP_PORT || 3000,
   jwtToken: process.env.JWT_SECRET || 'jwt-secret',
+  browserExtensionSecret: process.env.BROWSER_EXTENSION_SECRET || 'browser-secret',
   jwtTokenExpiryTime: process.env.JWT_TOKEN_EXPIRY_TIME || '1h',
 
   mistralAiApiEnabled: !!process.env.MISTRAL_AI_API_ENABLED,
diff --git a/src/middlewares/authMiddleware.ts b/src/middlewares/authMiddleware.ts
@@ -30,7 +30,7 @@ export const authMiddleware = (req: Request, res: Response, next: NextFunction)
   }
 
   try {
-    if (sid !== config.jwtToken) {
+    if ([config.jwtToken, config.browserExtensionSecret].includes(sid)) {
       throw new Error('Invalid token');
     }
 

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ export const authMiddleware = (req: Request, res: Response, next: NextFunction)`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`try {`
`33`		`- if (sid !== config.jwtToken) {`
	`33`	`+ if ([config.jwtToken, config.browserExtensionSecret].includes(sid)) {`
`34`	`34`	`throw new Error('Invalid token');`
`35`	`35`	`}`
`36`	`36`