Update types on headers util

2022-09-02 16:52:44 +02:00 · 2022-09-02 16:52:44 +02:00 · eb062c6b10
commit eb062c6b10
parent 0bd2be9a5f
4 changed files with 32 additions and 7 deletions
--- a/src/headers.ts
+++ b/src/headers.ts
@ -5,9 +5,14 @@ import {
  SALEOR_SIGNATURE_HEADER,
 } from "./const";

-export const getSaleorHeaders = (headers: { [name: string]: any }) => ({
-  domain: headers[SALEOR_DOMAIN_HEADER],
-  authorizationBearer: headers[SALEOR_AUTHORIZATION_BEARER_HEADER],
-  signature: headers[SALEOR_SIGNATURE_HEADER],
-  event: headers[SALEOR_EVENT_HEADER],
+const toStringOrUndefined = (value: string | string[] | undefined) =>
+  value ? value.toString() : undefined;
+
+export const getSaleorHeaders = (headers: {
+  [name: string]: string | string[] | undefined;
+}): Record<string, string | undefined> => ({
+  domain: toStringOrUndefined(headers[SALEOR_DOMAIN_HEADER]),
+  authorizationBearer: toStringOrUndefined(headers[SALEOR_AUTHORIZATION_BEARER_HEADER]),
+  signature: toStringOrUndefined(headers[SALEOR_SIGNATURE_HEADER]),
+  event: toStringOrUndefined(headers[SALEOR_EVENT_HEADER]),
 });
--- a/src/middleware/with-jwt-verified.ts
+++ b/src/middleware/with-jwt-verified.ts
@ -2,7 +2,7 @@ import * as jose from "jose";
 import type { Middleware, Request } from "retes";
 import { Response } from "retes/response";

-import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "../const";
+import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_DOMAIN_HEADER } from "../const";
 import { getSaleorHeaders } from "../headers";
 import { getJwksUrl } from "../urls";

@ -24,6 +24,13 @@ export const withJWTVerified =
      });
    }

+    if (domain === undefined) {
+      return Response.BadRequest({
+        success: false,
+        message: `${ERROR_MESSAGE} Missing ${SALEOR_DOMAIN_HEADER} header.`,
+      });
+    }
+
    let tokenClaims: DashboardTokenPayload;
    try {
      tokenClaims = jose.decodeJwt(token as string) as DashboardTokenPayload;
--- a/src/middleware/with-registered-saleor-domain-header.ts
+++ b/src/middleware/with-registered-saleor-domain-header.ts
@ -9,6 +9,12 @@ export const withRegisteredSaleorDomainHeader =
  (handler) =>
  async (request) => {
    const { domain: saleorDomain } = getSaleorHeaders(request.headers);
+    if (!saleorDomain) {
+      return Response.BadRequest({
+        success: false,
+        message: "Domain header missing.",
+      });
+    }
    const authData = await apl.get(saleorDomain);
    if (!authData) {
      return Response.Forbidden({
--- a/src/middleware/with-webhook-signature-verified.ts
+++ b/src/middleware/with-webhook-signature-verified.ts
@ -3,7 +3,7 @@ import * as jose from "jose";
 import { Middleware } from "retes";
 import { Response } from "retes/response";

-import { SALEOR_SIGNATURE_HEADER } from "../const";
+import { SALEOR_DOMAIN_HEADER, SALEOR_SIGNATURE_HEADER } from "../const";
 import { getSaleorHeaders } from "../headers";
 import { getJwksUrl } from "../urls";

@ -29,6 +29,13 @@ export const withWebhookSignatureVerified =
      });
    }

+    if (!saleorDomain) {
+      return Response.BadRequest({
+        success: false,
+        message: `${ERROR_MESSAGE} Missing ${SALEOR_DOMAIN_HEADER} header.`,
+      });
+    }
+
    if (secretKey !== undefined) {
      const calculatedSignature = crypto
        .createHmac("sha256", secretKey)