add authorization header in rss feed fetching request

2023-07-17 17:27:12 +08:00
parent 105f3ee3a5
commit 03ce4b00d2
2 changed files with 26 additions and 2 deletions
--- a/packages/rss-handler/src/index.ts
+++ b/packages/rss-handler/src/index.ts
@ -98,13 +98,31 @@ export const rssHandler = Sentry.GCPFunction.wrapHttpFunction(
      return res.status(500).send('INTERNAL_SERVER_ERROR')
    }

+    const token = req.header('Omnivore-Authorization')
+    if (!token) {
+      console.error('Missing authorization header')
+      return res.status(401).send('UNAUTHORIZED')
+    }
+
    try {
+      let userId: string
+
+      try {
+        const decoded = jwt.verify(token, process.env.JWT_SECRET) as {
+          uid: string
+        }
+        userId = decoded.uid
+      } catch (e) {
+        console.error('Authorization error', e)
+        return res.status(401).send('UNAUTHORIZED')
+      }
+
      if (!isRssFeedRequest(req.body)) {
        console.error('Invalid request body', req.body)
        return res.status(400).send('INVALID_REQUEST_BODY')
      }

-      const { userId, feedUrl, subscriptionId, lastFetchedAt } = req.body
+      const { feedUrl, subscriptionId, lastFetchedAt } = req.body
      console.log('Processing feed', feedUrl, lastFetchedAt)

      // fetch feed