diff --git a/packages/api/src/utils/createTask.ts b/packages/api/src/utils/createTask.ts
index 8642b4282..ea3745594 100644
--- a/packages/api/src/utils/createTask.ts
+++ b/packages/api/src/utils/createTask.ts
@@ -572,16 +572,22 @@ export const enqueueRssFeedFetch = async (
 const { GOOGLE_CLOUD_PROJECT } = process.env
 const payload = {
 subscriptionId: rssFeedSubscription.id,
- userId: rssFeedSubscription.user.id,
 feedUrl: rssFeedSubscription.url,
 lastFetchedAt: rssFeedSubscription.lastFetchedAt,
 }

+ const headers = {
+ [OmnivoreAuthorizationHeader]: generateVerificationToken(
+ rssFeedSubscription.user.id
+ ),
+ }
+
 const createdTasks = await createHttpTaskWithToken({
 project: GOOGLE_CLOUD_PROJECT,
 queue: 'omnivore-rss-queue',
 payload,
 taskHandlerUrl: env.queue.rssFeedTaskHandlerUrl,
+ requestHeaders: headers,
 })

 if (!createdTasks || !createdTasks[0].name) {
diff --git a/packages/rss-handler/src/index.ts b/packages/rss-handler/src/index.ts
index cd69a63bf..ababb9177 100644
--- a/packages/rss-handler/src/index.ts
+++ b/packages/rss-handler/src/index.ts
@@ -98,13 +98,31 @@ export const rssHandler = Sentry.GCPFunction.wrapHttpFunction(
 return res.status(500).send('INTERNAL_SERVER_ERROR')
 }

+ const token = req.header('Omnivore-Authorization')
+ if (!token) {
+ console.error('Missing authorization header')
+ return res.status(401).send('UNAUTHORIZED')
+ }
+
 try {
+ let userId: string
+
+ try {
+ const decoded = jwt.verify(token, process.env.JWT_SECRET) as {
+ uid: string
+ }
+ userId = decoded.uid
+ } catch (e) {
+ console.error('Authorization error', e)
+ return res.status(401).send('UNAUTHORIZED')
+ }
+
 if (!isRssFeedRequest(req.body)) {
 console.error('Invalid request body', req.body)
 return res.status(400).send('INVALID_REQUEST_BODY')
 }

- const { userId, feedUrl, subscriptionId, lastFetchedAt } = req.body
+ const { feedUrl, subscriptionId, lastFetchedAt } = req.body
 console.log('Processing feed', feedUrl, lastFetchedAt)

 // fetch feed
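Review bot: In `packages/api/src/utils/createTask.ts`, the token placed in `headers` signs only `rssFeedSubscription.user.id`, so `subscriptionId` and `feedUrl` in `payload` are not covered by the signature and the handler cannot tell from the request alone that they belong to that user. Consider carrying the subscription id in the signed claims, or having the handler load the subscription by id and compare its owner with the token's uid. `generateVerificationToken` is defined outside this diff; if it is shared with other flows (its name suggests so) and sets no purpose or audience claim, a token minted there would also be accepted by the RSS handler, and its expiry has to outlast the queue's retry window. A comment above `headers` such as `// user-scoped JWT verified by rss-handler; payload fields are not covered by the signature` would record the trust boundary. `enqueueRssFeedFetch` starts and ends outside the hunk.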
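Review bot: In `packages/rss-handler/src/index.ts`, the cast `as { uid: string }` on the `jwt.verify` result is not checked at runtime, so a token signed with the same secret that has no `uid` claim (or a plain string payload) passes verification and leaves `userId` undefined for the rest of the handler. Validate the decoded shape before assigning and return 401 otherwise, as in the excerpt below. `process.env.JWT_SECRET` is `string | undefined`; unless the guard that ends just above this hunk already covers it, a missing secret would throw inside the inner `try` and surface as 401 rather than as a configuration error. The header name is a string literal here while the API side uses `OmnivoreAuthorizationHeader`, so the two can drift apart. The handler body continues outside the hunk.

```typescript
      let userId: string

      try {
        const decoded = jwt.verify(token, process.env.JWT_SECRET)
        // reject tokens that verify but do not carry a string uid claim
        if (typeof decoded === 'string' || typeof decoded.uid !== 'string') {
          console.error('Authorization error: token has no uid claim')
          return res.status(401).send('UNAUTHORIZED')
        }
        userId = decoded.uid
      } catch (e) {
        // … unchanged: log the error and return 401 …
```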