From e73b7924968c25fb485edc6bee945d197002ae1b Mon Sep 17 00:00:00 2001
From: Krzysztof Wolski
Date: Tue, 6 Dec 2022 18:26:14 +0100
Subject: [PATCH] Check app id during the registration (#136)
* Check the App ID before saving the auth data
* Update the test
---
 .../next/create-app-register-handler.test.ts | 4 +++
 .../next/create-app-register-handler.ts | 26 +++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/src/handlers/next/create-app-register-handler.test.ts b/src/handlers/next/create-app-register-handler.test.ts
index aed96c8..804f39c 100644
--- a/src/handlers/next/create-app-register-handler.test.ts
+++ b/src/handlers/next/create-app-register-handler.test.ts
@@ -6,6 +6,10 @@ import { createAppRegisterHandler } from "./create-app-register-handler";
 describe("create-app-register-handler", () => {
 it("Sets auth data for correct request", async () => {
+ vi.mock("../../get-app-id", () => ({
+ getAppId: vi.fn().mockResolvedValue("42"),
+ }));
+
 const mockApl: APL = {
 get: vi.fn(),
 set: vi.fn(),
diff --git a/src/handlers/next/create-app-register-handler.ts b/src/handlers/next/create-app-register-handler.ts
index 5b356bf..22d0f86 100644
--- a/src/handlers/next/create-app-register-handler.ts
+++ b/src/handlers/next/create-app-register-handler.ts
@@ -4,9 +4,13 @@ import { withMethod } from "retes/middleware";
 import { Response } from "retes/response";
 import { SALEOR_DOMAIN_HEADER } from "../../const";
+import { createDebug } from "../../debug";
+import { getAppId } from "../../get-app-id";
 import { withAuthTokenRequired, withSaleorDomainPresent } from "../../middleware";
 import { HasAPL } from "../../saleor-app";
+const debug = createDebug("createAppRegisterHandler");
+
 export type CreateAppRegisterHandlerOptions = HasAPL;
 /**
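Review bot: The `UNKNOWN_APP_ID` rejection that this commit adds to the handler is left untested, since the diffstat shows only these four lines added to create-app-register-handler.test.ts and they make `getAppId` always resolve `"42"`. Vitest hoists `vi.mock` to the top of the module, so writing it inside this `it` suggests a per-test scope it does not have; I would move it to module level. A second case that makes the mocked `getAppId` resolve `undefined` and asserts a 401 status and `expect(mockApl.set).not.toHaveBeenCalled()` would pin the check. The `describe` and `it` bodies continue past the end of this hunk.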
@@ -16,12 +20,14 @@ export type CreateAppRegisterHandlerOptions = HasAPL;
 */
 export const createAppRegisterHandler = ({ apl }: CreateAppRegisterHandlerOptions) => {
 const baseHandler: Handler = async (request) => {
+ debug("Request received");
 const authToken = request.params.auth_token;
 const saleorDomain = request.headers[SALEOR_DOMAIN_HEADER] as string;
 const { configured: aplConfigured } = await apl.isConfigured();
 if (!aplConfigured) {
+ debug("The APL has not been configured");
 return new Response(
 {
 success: false,
@@ -36,9 +42,28 @@ export const createAppRegisterHandler = ({ apl }: CreateAppRegisterHandlerOption
 );
 }
+ // Try to get App ID from the API, to confirm that communication can be established
+ const appId = await getAppId({ domain: saleorDomain, token: authToken });
+ if (!appId) {
+ return new Response(
+ {
+ success: false,
+ error: {
+ code: "UNKNOWN_APP_ID",
+ message:
+ "The auth data given during registration request could not be used to fetch app ID.",
+ },
+ },
+ {
+ status: 401,
+ }
+ );
+ }
+
 try {
 await apl.set({ domain: saleorDomain, token: authToken });
 } catch {
+ debug("There was an error during saving the auth data");
 return Response.InternalServerError({
 success: false,
 error: {
@@ -46,6 +71,7 @@ export const createAppRegisterHandler = ({ apl }: CreateAppRegisterHandlerOption
 },
 });
 }
+ debug("Register complete");
 return Response.OK({ success: true });
 };
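Review bot: The new `getAppId({ domain: saleorDomain, token: authToken })` call in the `-36,9 +42,28` hunk makes the handler contact whatever host the caller names, because `saleorDomain` is read straight from the `SALEOR_DOMAIN_HEADER` request header and nothing visible here restricts it. A successful lookup therefore proves only that the token works against that host, not that the host is a Saleor instance this app is meant to serve, so I would check the domain against a configured allowlist before the call and reject with a 403 otherwise. The call also sits outside the `try` that follows, so if `getAppId` can reject (its body is not shown here) the handler returns no structured error; wrapping it, or documenting that it never throws, would close that gap. The rejection branch is the only one without a log line; add `debug("Could not fetch the app ID with the given auth data");` before its `return`. `baseHandler` starts in the `-16,12` hunk and ends in the `-46,6` hunk.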