From 13c9ae4171a0696df58b153b6ee99c088c27cefb Mon Sep 17 00:00:00 2001
From: alex <alex@alexloehr.net>
Date: Thu, 15 May 2025 21:43:56 +0000
Subject: [PATCH] adding auth token

---
 settings.js |    1 +
 app.js      |   19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/app.js b/app.js
index e0d7ec2..6240f3f 100644
--- a/app.js
+++ b/app.js
@@ -2,8 +2,21 @@
    logger: true
 })
 const db = require("./lib/db")
+const settings = require("./settings")
 
 /////////////////////////////////////////////////////////////////////////
+
+// AUTH
+fastify.addHook("onRequest", async (req, res) => {
+   const token = req.query.token
+   if (token !== settings.authtoken) {
+      console.error("# AUTH ERROR #", token)
+      await promiseDelay(500) // delay response to avoid denial of service attacks
+      res.code(403)
+      return res.send({status: "error", error: "access denied"})
+   }
+   else {}
+})
 
 fastify
    .get('/api/users', async function (req, res) {
@@ -46,3 +59,9 @@
    }
    // Server is now listening on ${address}
 })
+
+/////////////////////////////////////////////////////////////////////////
+
+async function promiseDelay(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms))
+}
diff --git a/settings.js b/settings.js
index c0e306b..12cc7ae 100644
--- a/settings.js
+++ b/settings.js
@@ -1,4 +1,5 @@
 module.exports = {
+   authtoken: "jiuGfr432898D90290kjfsldkfn3hh8F",
    db: {
       host: "localhost",
       port: 33009,

--
Gitblit v1.8.0