wip

Author: bharathcs

questions/package.json

@@ -17,7 +17,8 @@
     "cors": "^2.8.5",
     "express": "^4.18.2",
     "firebase-admin": "^11.11.0",
-    "mongoose": "^7.5.1"
+    "mongoose": "^7.5.1",
+    "openpgp": "^5.11.0"
   },
   "devDependencies": {
     "@types/body-parser": "^1.19.2",

questions/src/index.ts

@@ -8,8 +8,8 @@ import { getAuth } from "firebase-admin/auth";
 import http from "http";
 import mongoose from "mongoose";
 import getFirebaseMiddleware from "./middleware/auth";
-import decryptRequestBody from "./middleware/serverless";
-import { normalRouter } from "./router";
+import validatePasswordHeader from "./middleware/serverless";
+import { normalRouter, serverlessRouter } from "./router";
 
 dotenv.config();
 
@@ -34,7 +34,7 @@ app.use(cors(corsOptions));
 app.use(compression());
 app.use(bodyParser.json());
 app.use("/api/v1/", getFirebaseMiddleware(firebaseAuth), normalRouter());
-app.use("/api/serverless/", decryptRequestBody(), normalRouter());
+app.use("/api/serverless/", validatePasswordHeader(), serverlessRouter());
 
 const server = http.createServer(app);
 

questions/src/middleware/serverless.ts

@@ -1,63 +1,37 @@
 import express, { NextFunction } from "express";
-import { handleServerError } from "../utils";
-import crypto from "crypto";
+import { StatusMessageType } from "../types";
+import { handleCustomError, handleServerError } from "../utils";
 
-const decryptMessage = (iv: string, key: string, ciphertext: string) => {
-  try {
-    const decipher = crypto.createDecipheriv(
-      "aes-256-cbc",
-      Buffer.from(key, "hex"),
-      Buffer.from(iv, "hex")
-    );
-    let decrypted = decipher.update(ciphertext, "hex", "utf-8");
-    decrypted += decipher.final("utf-8");
-    return decrypted;
-  } catch (error) {
-    return null;
-  }
-};
-
-const decryptRequestBody = () => {
+const validatePasswordHeader = () => {
   return async (
     req: express.Request,
     res: express.Response,
     next: NextFunction
   ) => {
-    try {
-      const iv = process.env.INITIALIZATION_VECTOR;
-      const key = process.env.ENCRYPTION_KEY;
-      const ciphertext = req.body;
-
-      if (!key) {
-        handleServerError(new Error("No encryption key provided"), res);
-        return;
-      }
-
-      if (!iv) {
-        handleServerError(new Error("No initialization vector provided"), res);
-        return;
-      }
-
-      if (!ciphertext) {
-        handleServerError(new Error("No request body provided"), res);
-        return;
-      }
-
-      const decryptedMsg = decryptMessage(iv, key, ciphertext);
-      if (!decryptedMsg) {
-        handleServerError(new Error("Unable to decrypt request body"), res);
-        return;
-      }
-
-      req.body = JSON.parse(decryptedMsg);
-
-      next();
+    const password = process.env.PASSWORD_HEADER;
+    if (!password) {
+      handleServerError(new Error("No password provided"), res);
       return;
-    } catch (err: any) {
-      handleServerError(err, res);
+    }
+
+    const receivedPassword = req.headers["password_header"];
+
+    if (receivedPassword != password) {
+      console.dir(req.headers);
+      handleCustomError(
+        res,
+        {
+          type: StatusMessageType.ERROR,
+          message: "No password provided",
+        },
+        401
+      );
       return;
     }
+
+    next();
+    return;
   };
 };
 
-export default decryptRequestBody;
+export default validatePasswordHeader;

questions/src/router/index.ts

@@ -1,14 +1,13 @@
 import express from "express";
 import { questions, serverlessQuestions } from "./questions";
 
-const router = express.Router();
-
 export const normalRouter = (): express.Router => {
   questions(router);
   return router;
 };
 
 export const serverlessRouter = (): express.Router => {
+  const router = express.Router();
   serverlessQuestions(router);
   return router;
 };

questions/src/router/questions.ts

@@ -18,5 +18,8 @@ export const questions = (router: express.Router) => {
 };
 
 export const serverlessQuestions = (router: express.Router) => {
-  router.post("/questions", createQuestion);
+  router.post("/questions", (req, res) => {
+    console.log("Hello world");
+    res.send("Hello world");
+  });
 };

questions/yarn.lock

@@ -516,6 +516,16 @@ arrify@^2.0.0:
   resolved "https://registry.yarnpkg.com/arrify/-/arrify-2.0.1.tgz#c9655e9331e0abcd588d2a7cad7e9956f66701fa"
   integrity sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==
 
+asn1.js@^5.0.0:
+  version "5.4.1"
+  resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.4.1.tgz#11a980b84ebb91781ce35b0fdc2ee294e3783f07"
+  integrity sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==
+  dependencies:
+    bn.js "^4.0.0"
+    inherits "^2.0.1"
+    minimalistic-assert "^1.0.0"
+    safer-buffer "^2.1.0"
+
 async-retry@^1.3.3:
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/async-retry/-/async-retry-1.3.3.tgz#0e7f36c04d8478e7a58bdbed80cedf977785f280"
@@ -562,6 +572,11 @@ bluebird@^3.7.2:
   resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
   integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
+bn.js@^4.0.0:
+  version "4.12.0"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
+  integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
+
 [email protected]:
   version "1.20.1"
   resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668"
@@ -1313,7 +1328,7 @@ inflight@^1.0.4:
     once "^1.3.0"
     wrappy "1"
 
-inherits@2, [email protected], inherits@^2.0.3:
+inherits@2, [email protected], inherits@^2.0.1, inherits@^2.0.3:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
@@ -1652,6 +1667,11 @@ mime@^3.0.0:
   resolved "https://registry.yarnpkg.com/mime/-/mime-3.0.0.tgz#b374550dca3a0c18443b0c950a6a58f1931cf7a7"
   integrity sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==
 
+minimalistic-assert@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
+  integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
+
 minimatch@^3.1.1, minimatch@^3.1.2:
   version "3.1.2"
   resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"
@@ -1814,6 +1834,13 @@ once@^1.3.0, once@^1.4.0:
   dependencies:
     wrappy "1"
 
+openpgp@^5.11.0:
+  version "5.11.0"
+  resolved "https://registry.yarnpkg.com/openpgp/-/openpgp-5.11.0.tgz#cec5b285d188148f7b5201b9aceb53850cc286a2"
+  integrity sha512-hytHsxIPtRhuh6uAmoBUThHSwHSX3imLu7x4453T+xkVqIw49rl22MRD4KQIAQdCDoVdouejzYgcuLmMA/2OAA==
+  dependencies:
+    asn1.js "^5.0.0"
+
 optionator@^0.8.1:
   version "0.8.3"
   resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.3.tgz#84fa1d036fe9d3c7e21d99884b601167ec8fb495"
@@ -2035,7 +2062,7 @@ [email protected], safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@~5.2.0:
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
-"safer-buffer@>= 2.1.2 < 3":
+"safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.1.0:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==

serverless/run.py

@@ -2,31 +2,22 @@
 import os
 import tempfile
 
-import Crypto
-import Crypto.Random
 import requests
-from Crypto.Cipher import AES
 from dotenv import load_dotenv
 from git import Repo
 
 load_dotenv()
 BASE_URL = os.environ.get("BASE_URL")
-INITIALIZATION_VECTOR = os.environ.get("INITIALIZATION_VECTOR")
-ENCRYPTION_KEY = os.environ.get("ENCRYPTION_KEY")
+PASSWORD_HEADER = os.environ.get("PASSWORD_HEADER")
 
-def make_api_request(request_data):
-    # Define the API endpoint and the request payload (in JSON format)
-    print (str.encode(ENCRYPTION_KEY))
 
-    # Encrypt the request_data as needed with the INITIALIZATION_VECTOR and ENCRYPTION_KEY
-    cipher = AES.new(str.encode(ENCRYPTION_KEY), AES.MODE_CBC, iv=str.encode(INITIALIZATION_VECTOR))
-    encrypted = cipher.encrypt(request_data)
 
+def make_api_request(request_data):
 
     # Make an HTTP POST request to the API
-    url = f"{BASE_URL}/api/serverless"
+    url = f"{BASE_URL}/api/serverless/questions"
     try:
-        response = requests.post(url, data=encrypted)
+        response = requests.post(url, json=request_data, headers={"PASSWORD_HEADER": PASSWORD_HEADER})
         response.raise_for_status()  # Raise an exception for HTTP errors (4xx and 5xx)
 
         # Handle the API response here
@@ -96,11 +87,7 @@ def send_to_questions_service(qn):
     data['difficulty'] = qn["difficulty"]
     data['question'] = qn["question"]
 
-    json_data = json.dumps(data)
-    print(json_data)
-    response = make_api_request(json_data)
-    
-    print(f"How send ah...")
+    response = make_api_request(data)
 
 problems = load_problems()
 problems = [parse(qn) for qn in problems]