Merge security/web-sandbox-secret
parent
2dabb4f9bc
commit
59ff0b4560
@ -1,2 +1,3 @@
|
||||
ADMIN_URL="http://localhost:5173"
|
||||
REPO_URL="http://localhost:7006"
|
||||
ADMIN_URL="http://127.0.0.1:3000"
|
||||
REPO_URL="http://127.0.0.1:7006"
|
||||
WEB_SANDBOX_SECRET="supersecret"
|
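Review bot: `WEB_SANDBOX_SECRET="supersecret"` puts a guessable shared secret into the repository, and any deployment that keeps this value lets anyone who can reach the submission API pass the new header check. The same value is added to the second env file in this commit (the one that also holds `DATABASE_URL`). If these are live env files rather than samples, consider committing only a placeholder such as `WEB_SANDBOX_SECRET="<generate-per-deployment>"` and keeping the real, randomly generated value out of version control.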
@ -7,4 +7,5 @@ services:
|
||||
environment:
|
||||
- ADMIN_URL=${ADMIN_URL}
|
||||
- REPO_URL=${REPO_URL}
|
||||
- WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET}
|
||||
network_mode: 'host'
|
||||
|
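Review bot: `- WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET}` is interpolated to an empty string when the variable is missing from the env file, so the container starts with a defined but empty secret. Compose's required-variable form turns that into a startup error instead: `- WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET:?WEB_SANDBOX_SECRET must be set}`. The same line is added to the web service's environment list later in this commit and would benefit from the same change.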
@ -49,7 +49,10 @@ enum SubmissionProcessingResult {
|
||||
}
|
||||
|
||||
async function fetchQueuedSubmission(): Promise<SubmissionGetData | undefined> {
|
||||
const res = await fetch(submissionApiUrl, { method: 'GET' });
|
||||
const res = await fetch(submissionApiUrl, {
|
||||
method: 'GET',
|
||||
headers: { secret: process.env.WEB_SANDBOX_SECRET! }
|
||||
});
|
||||
if (res.status !== 200) {
|
||||
console.error(
|
||||
`Failed to fetch from ${submissionApiUrl} with status: ${res.status} ${res.statusText}`
|
||||
@ -142,7 +145,7 @@ async function cloneAndRun(submissionData: SubmissionGetData) {
|
||||
};
|
||||
const res = await fetch(urlJoin(adminUrl, 'api/submission'), {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
headers: { 'Content-Type': 'application/json', secret: process.env.WEB_SANDBOX_SECRET! },
|
||||
body: JSON.stringify(postBodyObject)
|
||||
});
|
||||
if (res.status !== 200) {
|
||||
@ -183,7 +186,11 @@ function printRunResult(runResult: RunResult) {
|
||||
}
|
||||
|
||||
function validateEnv(): boolean {
|
||||
return process.env.ADMIN_URL !== undefined && process.env.REPO_URL !== undefined;
|
||||
return (
|
||||
process.env.ADMIN_URL !== undefined &&
|
||||
process.env.REPO_URL !== undefined &&
|
||||
process.env.WEB_SANDBOX_SECRET !== undefined
|
||||
);
|
||||
}
|
||||
|
||||
if (!validateEnv()) {
|
||||
|
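Review bot: `validateEnv()` only tests `process.env.WEB_SANDBOX_SECRET !== undefined`, so an empty string passes and the `!` assertions in `fetchQueuedSubmission` and `cloneAndRun` then send an empty `secret` header. Compose interpolation yields exactly that empty string when the variable is unset, so the check should require a non-empty value, for example `(process.env.WEB_SANDBOX_SECRET ?? '').length > 0`. The header also travels over whatever scheme `ADMIN_URL` uses; the sample value is plain `http://` on loopback, which would expose the secret in transit if the admin host is ever remote. The bodies of `fetchQueuedSubmission` and `cloneAndRun` continue outside the hunks.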
@ -1,4 +1,3 @@
|
||||
DATABASE_URL=postgresql://bwcontest:password@127.0.0.1:5432/bwcontest
|
||||
GIT_PORT=7006
|
||||
WEB_PORT=3000
|
||||
ORIGIN=http://127.0.0.1
|
||||
ORIGIN=http://127.0.0.1:3000
|
||||
WEB_SANDBOX_SECRET="supersecret"
|
@ -14,12 +14,13 @@ services:
|
||||
context: ../
|
||||
dockerfile: ./web/Dockerfile
|
||||
ports:
|
||||
- ${WEB_PORT}:${WEB_PORT}
|
||||
- ${GIT_PORT}:${GIT_PORT}
|
||||
- 3000:3000
|
||||
- 7006:7006
|
||||
environment:
|
||||
- DATABASE_URL=${DATABASE_URL}
|
||||
- GIT_PORT=${GIT_PORT}
|
||||
- ORIGIN=${ORIGIN}:${WEB_PORT}
|
||||
- GIT_PORT=7006
|
||||
- ORIGIN=${ORIGIN}
|
||||
- WEB_SANDBOX_SECRET=${WEB_SANDBOX_SECRET}
|
||||
volumes:
|
||||
- ./repo:/app/repo
|
||||
depends_on:
|
||||
|
@ -5,7 +5,11 @@ import { z } from 'zod';
|
||||
import type { RequestHandler } from './$types';
|
||||
import * as Diff from 'diff';
|
||||
|
||||
export const GET = (async () => {
|
||||
export const GET = (async ({ request }) => {
|
||||
const secret = request.headers.get('secret');
|
||||
if (secret === null || secret !== process.env.WEB_SANDBOX_SECRET!) {
|
||||
throw error(401, 'Unauthorized');
|
||||
}
|
||||
const submissions = await db.submission.findMany({
|
||||
where: { state: SubmissionState.Queued },
|
||||
orderBy: { createdAt: 'asc' },
|
||||
@ -56,6 +60,10 @@ const submissionPostData = z
|
||||
.strict();
|
||||
|
||||
export const POST = (async ({ request }) => {
|
||||
const secret = request.headers.get('secret');
|
||||
if (secret === null || secret !== process.env.WEB_SANDBOX_SECRET!) {
|
||||
throw error(401, 'Unauthorized');
|
||||
}
|
||||
const requestJson = await request.json();
|
||||
const data = submissionPostData.safeParse(requestJson);
|
||||
if (!data.success) {
|
||||
|
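Review bot: The check `secret !== process.env.WEB_SANDBOX_SECRET!` in both `GET` and `POST` accepts a request with an empty `secret` header whenever the server's variable is set but empty, and it uses an ordinary string comparison that is not constant-time. The same three lines are pasted into both handlers, so a single helper would keep them in step; it should reject a missing or empty configured secret and compare digests with `timingSafeEqual` (from `node:crypto`, together with `createHash`). Each handler would then open with `if (!hasValidSandboxSecret(request)) throw error(401, 'Unauthorized');`. Both handler bodies continue outside the hunks.

```typescript
function hasValidSandboxSecret(request: Request): boolean {
  const expected = process.env.WEB_SANDBOX_SECRET;
  const provided = request.headers.get('secret');
  // Fail closed when the server has no secret configured or the header is absent.
  if (!expected || provided === null) {
    return false;
  }
  // Hash both sides so the buffers have equal length, as timingSafeEqual requires.
  const providedDigest = createHash('sha256').update(provided).digest();
  const expectedDigest = createHash('sha256').update(expected).digest();
  return timingSafeEqual(providedDigest, expectedDigest);
}

// … unchanged: GET and POST bodies after the authorization check …
```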