openstatus.dev / openstatus
Openstatus www.openstatus.dev
fork atom

Fix headers (#851)

* 🚀 fix header

* 🚀 fix header

authored by

Thibault Le Ouay and committed by
GitHub 3ef0a271 72bde1f2

+25 -4
+1
apps/screenshot-service/package.json
··· 12 12 "@openstatus/db": "workspace:*", 13 13 "@openstatus/utils": "workspace:^", 14 14 "@t3-oss/env-core": "0.7.1", 15 + "@upstash/qstash": "2.1.8", 15 16 "drizzle-orm": "0.30.7", 16 17 "hono": "4.2.2", 17 18 "playwright": "1.43.0",
+2
apps/screenshot-service/src/env.ts
··· 8 8 R2_ACCESS_KEY: z.string().min(1), 9 9 R2_SECRET_KEY: z.string().min(1), 10 10 HEADER_TOKEN: z.string().min(1), 11 + QSTASH_SIGNING_SECRET: z.string().min(1), 12 + QSTASH_NEXT_SIGNING_SECRET: z.string().min(1), 11 13 }, 12 14 13 15 /**
+19 -4
apps/screenshot-service/src/index.ts
··· 6 6 7 7 import { db, eq } from "@openstatus/db"; 8 8 import { incidentTable } from "@openstatus/db/src/schema/incidents/incident"; 9 + import { Receiver } from "@upstash/qstash"; 9 10 10 11 import { env } from "./env"; 11 12 ··· 16 17 accessKeyId: env.R2_ACCESS_KEY, 17 18 secretAccessKey: env.R2_SECRET_KEY, 18 19 }, 20 + }); 21 + 22 + const receiver = new Receiver({ 23 + currentSigningKey: env.QSTASH_SIGNING_SECRET, 24 + nextSigningKey: env.QSTASH_NEXT_SIGNING_SECRET, 19 25 }); 20 26 21 27 const app = new Hono(); ··· 35 41 }) 36 42 ), 37 43 async (c) => { 38 - const auth = c.req.header("api-key"); 39 - if (auth !== `Basic ${env.HEADER_TOKEN}`) { 44 + const signature = c.req.header("Upstash-Signature"); 45 + // if (auth !== `Basic ${env.HEADER_TOKEN}`) { 46 + // console.error("Unauthorized"); 47 + // return c.text("Unauthorized", 401); 48 + // } 49 + 50 + const data = c.req.valid("json"); 51 + const isValid = receiver.verify({ 52 + signature: signature || "", 53 + body: JSON.stringify(data), 54 + }); 55 + if (!isValid) { 56 + 40 57 console.error("Unauthorized"); 41 58 return c.text("Unauthorized", 401); 42 59 } 43 - 44 - const data = c.req.valid("json"); 45 60 46 61 const browser = await playwright.chromium.launch({ 47 62 headless: true, // set this to true
+3
pnpm-lock.yaml
··· 80 80 '@t3-oss/env-core': 81 81 specifier: 0.7.1 82 82 version: 0.7.1(typescript@5.4.4)(zod@3.22.4) 83 + '@upstash/qstash': 84 + specifier: 2.1.8 85 + version: 2.1.8 83 86 drizzle-orm: 84 87 specifier: 0.30.7 85 88 version: 0.30.7(@cloudflare/workers-types@4.20240512.0)(@libsql/client@0.6.0(bufferutil@4.0.7)(utf-8-validate@6.0.3))(@opentelemetry/api@1.4.1)(@types/react@18.2.64)(better-sqlite3@10.0.0)(bun-types@1.0.11)(react@18.2.0)