Skip to content

Commit

Permalink
Merge pull request #700 from stakwork/feat/protect-admin
Browse files Browse the repository at this point in the history
feat: added signature and message to all admin routes as query
  • Loading branch information
Rassl authored Dec 19, 2023
2 parents 3ff04db + 3c7d71c commit 1fe6b16
Show file tree
Hide file tree
Showing 4 changed files with 47 additions and 13 deletions.
14 changes: 11 additions & 3 deletions src/components/AddContentModal/index.tsx
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import { useEffect, useState } from 'react'
import { FieldValues, FormProvider, useForm } from 'react-hook-form'
import * as sphinx from 'sphinx-bridge'
import { BaseModal } from '~/components/Modal'
import { notify } from '~/components/common/Toast/toastMessage'
import { BaseModal } from '~/components/Modal'
import {
DOCUMENT,
LINK,
Expand All @@ -17,7 +17,7 @@ import { api } from '~/network/api'
import { useModal } from '~/stores/useModalStore'
import { useUserStore } from '~/stores/useUserStore'
import { SubmitErrRes } from '~/types'
import { executeIfProd, getLSat, payLsat, updateBudget } from '~/utils'
import { executeIfProd, generateAuthQueryParam, getLSat, payLsat, updateBudget } from '~/utils'
import { BudgetStep } from './BudgetStep'
import { LocationStep } from './LocationStep'
import { SourceStep } from './SourceStep'
Expand Down Expand Up @@ -103,7 +103,15 @@ const handleSubmitForm = async (
})

try {
const res: SubmitErrRes = await api.post(`/${endPoint}`, JSON.stringify(body), {
let query = ''

if (endPoint === 'radar') {
const result = await generateAuthQueryParam()

query = `?${result}`
}

const res: SubmitErrRes = await api.post(`/${endPoint}${query}`, JSON.stringify(body), {
Authorization: lsatToken,
})

Expand Down
37 changes: 28 additions & 9 deletions src/network/fetchSourcesData/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import {
RadarRequest,
SubmitErrRes,
} from '~/types'
import { generateAuthQueryParam } from '~/utils'
import { api } from '../api'

type TradarParams = {
Expand Down Expand Up @@ -68,8 +69,10 @@ export const getRadarData = async (queryParams: TradarParams = defaultParams) =>
}

export const getTopicsData = async (queryParams: TtopicsParams = defaultParams) => {
const query = await generateAuthQueryParam()

const response = await api.get<FetchTopicResponse>(
`/topics?${new URLSearchParams({ ...defaultParams, ...queryParams }).toString()}`,
`/topics?${new URLSearchParams({ ...defaultParams, ...queryParams }).toString()}${query}`,
)

return response
Expand All @@ -88,51 +91,67 @@ export const getStats = async () => {
}

export const getEdgeTypes = async () => {
const response = await api.get<FetchEdgesResponse>('/curation/edge/type')
const query = await generateAuthQueryParam()

const response = await api.get<FetchEdgesResponse>(`curation/edge/type?${query}`)

return response
}

export const postEdgeType = async (data: TAddEdgeParams) => {
const response = await api.post('/curation/edge', JSON.stringify(data))
const query = await generateAuthQueryParam()

const response = await api.post(`/curation/edge?${query}`, JSON.stringify(data))

return response
}

export const postAboutData = async (data: TAboutParams) => {
const response = await api.post('/about', JSON.stringify(data))
const query = await generateAuthQueryParam()

const response = await api.post(`/about?${query}`, JSON.stringify(data))

return response
}

export const postMergeTopics = async (data: TMergeTopicsParams) => {
const response = await api.post('/curation/merge', JSON.stringify(data))
const query = await generateAuthQueryParam()

const response = await api.post(`/curation/merge?${query}`, JSON.stringify(data))

return response
}

export const triggerRadarJob = async () => api.get<SubmitErrRes>(`/radar/trigger-job`)

export const putRadarData = async (id: string, data: RadarRequest) => {
const response = await api.put(`/radar/${id}`, JSON.stringify(data))
const query = await generateAuthQueryParam()

const response = await api.put(`/radar/${id}?${query}`, JSON.stringify(data))

return response
}

export const putNodeData = async (data: NodeRequest) => {
const response = await api.put(`/node`, JSON.stringify(data))
const query = await generateAuthQueryParam()

const response = await api.put(`/node?${query}`, JSON.stringify(data))

return response
}

export const approveRadarData = async (id: string, pubkey: string) => {
const response = await api.put(`/radar/${id}/approve`, JSON.stringify({ approve: 'True', pubkey }))
const query = await generateAuthQueryParam()

const response = await api.put(`/radar/${id}/approve?${query}`, JSON.stringify({ approve: 'True', pubkey }))

return response
}

export const deleteRadarData = async (id: string) => {
const response = await api.delete(`/radar/${id}`)
const query = await generateAuthQueryParam()

const response = await api.delete(`/radar/${id}?${query}`)

return response
}
6 changes: 6 additions & 0 deletions src/utils/getSignedMessage/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,9 @@ export async function getSignedMessageFromRelay(): Promise<{ message: string; si
return { message: '', signature: '' }
}
}

export async function generateAuthQueryParam() {
const res = await getSignedMessageFromRelay()

return `sig=${res.signature}&msg=${res.message}`
}
3 changes: 2 additions & 1 deletion src/utils/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ import { timeToMilliseconds } from './timeToMilliseconds'
import { useIsMatchBreakpoint } from './useIsMatchBreakpoint'
// import APP_VERSION from './versionHelper'
import { extractUuidAndHost } from './auth'
import { getSignedMessageFromRelay } from './getSignedMessage'
import { generateAuthQueryParam, getSignedMessageFromRelay } from './getSignedMessage'
import { videoTimeToSeconds } from './videoTimetoSeconds'

export {
Expand Down Expand Up @@ -47,4 +47,5 @@ export {
videoTimeToSeconds,
getSignedMessageFromRelay,
extractUuidAndHost,
generateAuthQueryParam,
}

0 comments on commit 1fe6b16

Please sign in to comment.