add internal auth bypass to new endpoints

This commit is contained in:
Nick Caradonna
2025-05-28 14:29:25 -04:00
parent ff5f2e7e30
commit 0594c3811c

View File

@@ -788,7 +788,12 @@ const main = async (): Promise<void> => {
const origin = req.get('Origin') || req.get('Referer'); const origin = req.get('Origin') || req.get('Referer');
const allowedOrigins = ['https://app.drift.trade', 'https://beta.drift.trade']; const allowedOrigins = ['https://app.drift.trade', 'https://beta.drift.trade'];
if (!origin || !allowedOrigins.some(allowed => origin.startsWith(allowed))) { const hasAuth = (
(req.headers.Authorization || req.headers.authorization) ===
process.env.INTERNAL_SECRET
)
if (!hasAuth && (!origin || !allowedOrigins.some(allowed => origin.startsWith(allowed)))) {
res.status(403).json({ error: 'Forbidden: Invalid origin' }); res.status(403).json({ error: 'Forbidden: Invalid origin' });
return; return;
} }
@@ -845,7 +850,12 @@ const main = async (): Promise<void> => {
const origin = req.get('Origin') || req.get('Referer'); const origin = req.get('Origin') || req.get('Referer');
const allowedOrigins = ['https://app.drift.trade', 'https://beta.drift.trade']; const allowedOrigins = ['https://app.drift.trade', 'https://beta.drift.trade'];
if (!origin || !allowedOrigins.some(allowed => origin.startsWith(allowed))) { const hasAuth = (
(req.headers.Authorization || req.headers.authorization) ===
process.env.INTERNAL_SECRET
)
if (!hasAuth && (!origin || !allowedOrigins.some(allowed => origin.startsWith(allowed)))) {
res.status(403).json({ error: 'Forbidden: Invalid origin' }); res.status(403).json({ error: 'Forbidden: Invalid origin' });
return; return;
} }