diff --git a/sandbox/.env.example b/sandbox/.env.example index 3f8a0de..018c070 100644 --- a/sandbox/.env.example +++ b/sandbox/.env.example @@ -1,2 +1,3 @@ -ADMIN_URL="http://localhost:5173" -REPO_URL="http://localhost:7006" \ No newline at end of file +ADMIN_URL="http://127.0.0.1:3000" +REPO_URL="http://127.0.0.1:7006" +WEB_SANDBOX_SECRET="supersecret" \ No newline at end of file diff --git a/sandbox/docker-compose.yml b/sandbox/docker-compose.yml index 497292a..2a919e0 100644 --- a/sandbox/docker-compose.yml +++ b/sandbox/docker-compose.yml @@ -7,4 +7,5 @@ services: environment: - ADMIN_URL=${ADMIN_URL} - REPO_URL=${REPO_URL} + - WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET} network_mode: 'host' diff --git a/sandbox/src/index.ts b/sandbox/src/index.ts index b6bffbb..187d4e7 100644 --- a/sandbox/src/index.ts +++ b/sandbox/src/index.ts @@ -49,7 +49,10 @@ enum SubmissionProcessingResult { } async function fetchQueuedSubmission(): Promise { - const res = await fetch(submissionApiUrl, { method: 'GET' }); + const res = await fetch(submissionApiUrl, { + method: 'GET', + headers: { secret: process.env.WEB_SANDBOX_SECRET! } + }); if (res.status !== 200) { console.error( `Failed to fetch from ${submissionApiUrl} with status: ${res.status} ${res.statusText}` @@ -142,7 +145,7 @@ async function cloneAndRun(submissionData: SubmissionGetData) { }; const res = await fetch(urlJoin(adminUrl, 'api/submission'), { method: 'POST', - headers: { 'Content-Type': 'application/json' }, + headers: { 'Content-Type': 'application/json', secret: process.env.WEB_SANDBOX_SECRET! }, body: JSON.stringify(postBodyObject) }); if (res.status !== 200) { @@ -183,7 +186,11 @@ function printRunResult(runResult: RunResult) { } function validateEnv(): boolean { - return process.env.ADMIN_URL !== undefined && process.env.REPO_URL !== undefined; + return ( + process.env.ADMIN_URL !== undefined && + process.env.REPO_URL !== undefined && + process.env.WEB_SANDBOX_SECRET !== undefined + ); } if (!validateEnv()) { 
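Review bot: `WEB_SANDBOX_SECRET="supersecret"` is a guessable but working value, so a deployment that copies `.env.example` unchanged guards the submission API with it; the same line is added to `web/.env.example`. An obviously invalid placeholder is safer, for example `WEB_SANDBOX_SECRET="<generate-a-random-value>"`, preceded by a comment such as `# shared by web and sandbox; generate with: openssl rand -hex 32`. That comment should also say that both files must carry the same value, since the sandbox sends it and the web app compares against it.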
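Review bot: The header value is read with `process.env.WEB_SANDBOX_SECRET!` at the call site, here and again in the POST inside cloneAndRun (the hunk at new line 145), so the non-null assertion stands in for a check that lives elsewhere in the file. Reading it once after validateEnv() has passed, e.g. `const sandboxSecret = process.env.WEB_SANDBOX_SECRET ?? '';`, and sending `headers: { secret: sandboxSecret }` keeps both requests consistent and drops the assertion. The example ADMIN_URL is plain `http://`, which is fine on loopback, but a comment should note that the secret travels in cleartext if ADMIN_URL ever points at another host. fetchQueuedSubmission continues past the end of the hunk.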
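Review bot: validateEnv() accepts an empty secret, because the new clause only tests `process.env.WEB_SANDBOX_SECRET !== undefined`. sandbox/docker-compose.yml passes `${WEB_SANDBOX_SECRET}`, which Compose replaces with an empty string when the variable is unset, so the sandbox would start and send an empty `secret` header. Testing for a non-empty value closes that gap: `!!process.env.WEB_SANDBOX_SECRET`. The ADMIN_URL and REPO_URL clauses have the same weakness and could use the same test.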
diff --git a/web/.env.example b/web/.env.example index 035ed2f..4ee4fa7 100644 --- a/web/.env.example +++ b/web/.env.example @@ -1,4 +1,3 @@ DATABASE_URL=postgresql://bwcontest:password@127.0.0.1:5432/bwcontest -GIT_PORT=7006 -WEB_PORT=3000 -ORIGIN=http://127.0.0.1 \ No newline at end of file +ORIGIN=http://127.0.0.1:3000 +WEB_SANDBOX_SECRET="supersecret" \ No newline at end of file diff --git a/web/docker-compose.yml b/web/docker-compose.yml index 440d3da..e2b9172 100644 --- a/web/docker-compose.yml +++ b/web/docker-compose.yml @@ -14,12 +14,13 @@ services: context: ../ dockerfile: ./web/Dockerfile ports: - - ${WEB_PORT}:${WEB_PORT} - - ${GIT_PORT}:${GIT_PORT} + - 3000:3000 + - 7006:7006 environment: - DATABASE_URL=${DATABASE_URL} - - GIT_PORT=${GIT_PORT} - - ORIGIN=${ORIGIN}:${WEB_PORT} + - GIT_PORT=7006 + - ORIGIN=${ORIGIN} + - WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET} volumes: - ./repo:/app/repo depends_on: diff --git a/web/src/routes/api/submission/+server.ts b/web/src/routes/api/submission/+server.ts index 204b8bc..d5d9abf 100644 --- a/web/src/routes/api/submission/+server.ts +++ b/web/src/routes/api/submission/+server.ts @@ -5,7 +5,11 @@ import { z } from 'zod'; import type { RequestHandler } from './$types'; import * as Diff from 'diff'; -export const GET = (async () => { +export const GET = (async ({ request }) => { + const secret = request.headers.get('secret'); + if (secret === null || secret !== process.env.WEB_SANDBOX_SECRET!) { + throw error(401, 'Unauthorized'); + } const submissions = await db.submission.findMany({ where: { state: SubmissionState.Queued }, orderBy: { createdAt: 'asc' }, 
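Review bot: The check fails open when the server's own secret is empty: `secret !== process.env.WEB_SANDBOX_SECRET!` is false for a request carrying an empty `secret` header if web/docker-compose.yml replaced an unset `${WEB_SANDBOX_SECRET}` with an empty string, and nothing visible on the web side validates the variable at startup. The comparison is also a plain `!==`, which is not constant-time. The identical four lines are added to POST in the next hunk (new line 60), so one helper called from both handlers would carry the fix; it needs `createHash` and `timingSafeEqual` from `node:crypto`, and GET's body continues outside the hunk.

```typescript
// Shared by GET and POST so the two handlers cannot drift apart.
function requireSandboxSecret(request: Request): void {
	const expected = process.env.WEB_SANDBOX_SECRET;
	const provided = request.headers.get('secret');
	// Fail closed when the server has no secret configured (unset or empty).
	if (!expected || provided === null) {
		throw error(401, 'Unauthorized');
	}
	// Hash both sides so the buffers have equal length for timingSafeEqual.
	const providedDigest = createHash('sha256').update(provided).digest();
	const expectedDigest = createHash('sha256').update(expected).digest();
	if (!timingSafeEqual(providedDigest, expectedDigest)) {
		throw error(401, 'Unauthorized');
	}
}

export const GET = (async ({ request }) => {
	requireSandboxSecret(request);
	// … unchanged: queued-submission query and response …
```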
@@ -56,6 +60,10 @@ const submissionPostData = z .strict(); export const POST = (async ({ request }) => { + const secret = request.headers.get('secret'); + if (secret === null || secret !== process.env.WEB_SANDBOX_SECRET!) { + throw error(401, 'Unauthorized'); + } const requestJson = await request.json(); const data = submissionPostData.safeParse(requestJson); if (!data.success) {