From 87b11277d1c9bd737d70d228394178f80be86f80 Mon Sep 17 00:00:00 2001
From: Jackson Harper <jacksonh@gmail.com>
Date: Fri, 13 May 2022 15:14:09 -0700
Subject: [PATCH] Add token verification to the content-fetch service

---
 packages/content-fetch/app.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/packages/content-fetch/app.js b/packages/content-fetch/app.js
index c0b6b5bf6..60f3031c5 100644
--- a/packages/content-fetch/app.js
+++ b/packages/content-fetch/app.js
@@ -1,5 +1,3 @@
-
-
 const express = require('express');
 
 const app = express();
@@ -8,12 +6,25 @@ const fetchContent = require('./fetch-content');
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 
+if (!process.env.VERIFICATION_TOKEN) {
+  throw new Error('VERIFICATION_TOKEN environment variable is not set');
+}
 
 app.get('/', (req, res) => {
+  if (req.query.token !== process.env.VERIFICATION_TOKEN) {
+    console.log('query does not include valid token')
+    res.send(403)
+    return
+  }
   fetchContent(req, res)
 });
 
 app.post('/', (req, res) => {
+  if (req.query.token !== process.env.VERIFICATION_TOKEN) {
+    console.log('query does not include valid token')
+    res.send(403)
+    return
+  }
   fetchContent(req, res)
 });