Use config flag to change whether token integrity is checked

ref KTLO-1
Allows us to get this out to self-hosters much faster
Sam Lord 2024-08-22 22:07:33 +01:00 committed by Sam Lord
parent 23c0882019
commit 244e612f53


@ -169,20 +169,27 @@ const createIntegrityToken = async function createIntegrityToken(req, res) {
};
const verifyIntegrityToken = async function verifyIntegrityToken(req, res, next) {
const shouldThrowForInvalidToken = config.get('verifyRequestIntegrity');
try {
const token = req.body.integrityToken;
if (!token) {
logging.warn('Request with missing integrity token.');
// In future this will throw an error
if (shouldThrowForInvalidToken) {
throw new errors.BadRequestError();
} else {
return next();
}
}
if (membersService.requestIntegrityTokenProvider.validate(token)) {
return next();
} else {
logging.warn('Request with invalid integrity token.');
// In future this will throw an error
if (shouldThrowForInvalidToken) {
throw new errors.BadRequestError();
} else {
return next();
}
}
} catch (err) {
next(err);
}
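Review bot: When `config.get('verifyRequestIntegrity')` is unset or falsy, both the missing-token and the invalid-token branch still end in `return next()`, so the check fails open and the two `logging.warn` lines are the only trace that a request arrived without a valid token. The default value is not visible in this hunk; if it is off, I would say so right above the lookup, e.g. `// Fail-open unless verifyRequestIntegrity is enabled: missing or invalid tokens are only logged`, and document the flag so self-hosters know enforcement is opt-in. The flag is also read by truthiness, so a string value coming from an environment override would probably enable enforcement whatever it says; comparing explicitly, `config.get('verifyRequestIntegrity') === true`, would pin that down. The same four-line `if (shouldThrowForInvalidToken) … else …` appears in both branches and could live in one small local helper so the two paths cannot drift apart. The closing of `verifyIntegrityToken` lies outside the hunk.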