Skip to content

Commit 909dedf

Browse files
gergelykegergelyke
committed
feat(token): check if apiToken is a valid jwt token
1 parent 97475c5 commit 909dedf

File tree

3 files changed

+33
-19
lines changed

3 files changed

+33
-19
lines changed

e2e/index.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
'use strict'
22

3-
var TRACE_API_KEY_TEST = 'api-key'
3+
var TRACE_API_KEY_TEST = 'headers.payload.signature'
44
var TRACE_SERVICE_NAME_TEST = 'service-name'
55

66
var childProcessTest = require('./utils/childProcessTest')

lib/utils/configReader.js

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,20 @@ ConfigReader.prototype._getFileConfig = function (file) {
9696
}
9797
}
9898

99+
ConfigReader.prototype.checkApiToken = function (token) {
100+
var bearerTokenParts
101+
102+
if (!token) {
103+
throw new Error('Missing apiKey, please set the TRACE_API_KEY environment variable')
104+
}
105+
106+
bearerTokenParts = token.split('.')
107+
108+
if (bearerTokenParts.length !== 3) {
109+
throw new Error('Invalid apiKey, please make sure to copy-paste the entire token')
110+
}
111+
}
112+
99113
ConfigReader.prototype.getConfig = function () {
100114
var parameterConfig = this.parameterConfig
101115
var systemConfig = this._getSystemConfig()
@@ -118,9 +132,7 @@ ConfigReader.prototype.getConfig = function () {
118132

119133
config.whiteListHosts = [url.parse(config.collectorApiUrl).host]
120134

121-
if (!config.apiKey) {
122-
throw new Error('Missing apiKey, please set the TRACE_API_KEY environment variable')
123-
}
135+
this.checkApiToken(config.apiKey)
124136

125137
if (!config.serviceName) {
126138
throw new Error('Missing serviceName, please set the TRACE_SERVICE_NAME environment variable')

lib/utils/configReader.spec.js

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@ var expect = require('chai').expect
33
var ConfigReader = require('./configReader')
44

55
describe('Config Reader module', function () {
6+
var testApiToken = 'headers.payload.signature'
7+
68
it('creates a configReader', function () {
79
var config = { }
810

@@ -15,7 +17,7 @@ describe('Config Reader module', function () {
1517
var configReader = ConfigReader.create({
1618
serviceName: 'test',
1719
reporter: 'dummy',
18-
apiKey: 'api-key'
20+
apiKey: testApiToken
1921
})
2022

2123
var getDefaultConfigStub = this.sandbox.stub(configReader, '_getDefaultConfig', function () {
@@ -35,7 +37,7 @@ describe('Config Reader module', function () {
3537
serviceName: 'test',
3638
reporter: 'dummy',
3739
collectorApiUrl: 'http://c.a.b',
38-
apiKey: 'api-key'
40+
apiKey: testApiToken
3941
})
4042

4143
var getFileConfigStub = this.sandbox.stub(configReader, '_getFileConfig', function () {
@@ -52,7 +54,7 @@ describe('Config Reader module', function () {
5254
serviceName: 'test',
5355
reporter: 'dummy',
5456
collectorApiUrl: 'http://c.a.b',
55-
apiKey: 'api-key'
57+
apiKey: testApiToken
5658
})
5759

5860
var getEnvVarConfigStub = this.sandbox.stub(configReader, '_getEnvVarConfig', function () {
@@ -70,7 +72,7 @@ describe('Config Reader module', function () {
7072
serviceName: 'test',
7173
reporter: 'dummy',
7274
collectorApiUrl: 'http://c.a.b',
73-
apiKey: 'api-key'
75+
apiKey: testApiToken
7476
})
7577

7678
var getSystemConfigStub = this.sandbox.stub(configReader, '_getSystemConfig', function () {
@@ -88,7 +90,7 @@ describe('Config Reader module', function () {
8890
serviceName: 'test',
8991
reporter: 'dummy',
9092
collectorApiUrl: 'http://c.a.b',
91-
apiKey: 'api-key'
93+
apiKey: testApiToken
9294
})
9395

9496
this.sandbox.stub(configReader, '_getEnvVarConfig').returns({})
@@ -107,7 +109,7 @@ describe('Config Reader module', function () {
107109
})
108110

109111
it('environment variables config should override file config', function () {
110-
var configReader = ConfigReader.create({ serviceName: 'test', reporter: 'dummy', apiKey: 'api-key' })
112+
var configReader = ConfigReader.create({ serviceName: 'test', reporter: 'dummy', apiKey: testApiToken })
111113

112114
this.sandbox.stub(configReader, '_getEnvVarConfig', function () {
113115
return { test: 'env' }
@@ -123,7 +125,7 @@ describe('Config Reader module', function () {
123125
})
124126

125127
it('system config should override all env var config', function () {
126-
var configReader = ConfigReader.create({ serviceName: 'test', reporter: 'dummy', apiKey: 'api-key' })
128+
var configReader = ConfigReader.create({ serviceName: 'test', reporter: 'dummy', apiKey: testApiToken })
127129

128130
this.sandbox.stub(configReader, '_getSystemConfig', function () {
129131
return { test: 'system' }
@@ -145,7 +147,7 @@ describe('Config Reader module', function () {
145147
serviceName: 'test',
146148
reporter: 'dummy',
147149
test: 'param',
148-
apiKey: 'api-key'
150+
apiKey: testApiToken
149151
})
150152

151153
this.sandbox.stub(configReader, '_getSystemConfig', function () {
@@ -167,7 +169,7 @@ describe('Config Reader module', function () {
167169
process.env.VCAP_SERVICES = JSON.stringify({
168170
trace: [{
169171
credentials: {
170-
TRACE_API_KEY: 'test-key'
172+
TRACE_API_KEY: testApiToken
171173
}
172174
}]
173175
})
@@ -180,7 +182,7 @@ describe('Config Reader module', function () {
180182
var cfg = configReader.getConfig()
181183

182184
expect(cfg.serviceName).to.eql('test-app')
183-
expect(cfg.apiKey).to.eql('test-key')
185+
expect(cfg.apiKey).to.eql(testApiToken)
184186
delete process.env.VCAP_APPLICATION
185187
delete process.env.VCAP_SERVICES
186188
})
@@ -190,7 +192,7 @@ describe('Config Reader module', function () {
190192
serviceName: 'test',
191193
reporter: 'dummy',
192194
collectorApiUrl: 'http://c.a.b',
193-
apiKey: 'api-key'
195+
apiKey: testApiToken
194196
})
195197

196198
this.sandbox.stub(configReader, '_getDefaultConfig', function () {
@@ -209,7 +211,7 @@ describe('Config Reader module', function () {
209211
var configReader = ConfigReader.create({
210212
serviceName: 'test',
211213
reporter: 'dummy',
212-
apiKey: 'api-key'
214+
apiKey: testApiToken
213215
})
214216

215217
this.sandbox.stub(configReader, '_getEnvVarConfig', function () {
@@ -229,7 +231,7 @@ describe('Config Reader module', function () {
229231
serviceName: 'test',
230232
reporter: 'dummy',
231233
configPath: 'param',
232-
apiKey: 'api-key'
234+
apiKey: testApiToken
233235
})
234236

235237
var getFileConfigStub = this.sandbox.stub(configReader, '_getFileConfig').returns({})
@@ -245,7 +247,7 @@ describe('Config Reader module', function () {
245247
serviceName: 'test',
246248
reporter: 'dummy',
247249
configPath: 'a/surely/nonexisting/path',
248-
apiKey: 'api-key'
250+
apiKey: testApiToken
249251
})
250252

251253
configReader.getConfig()
@@ -275,7 +277,7 @@ describe('Config Reader module', function () {
275277
serviceName: 'test',
276278
reporter: 'dummy',
277279
configPath: 'test',
278-
apiKey: 'api-key'
280+
apiKey: testApiToken
279281
})
280282
var log = this.sandbox.spy(console, 'error')
281283
var wellformed = {

0 commit comments

Comments
 (0)