feat(server): support experimental token config

satorijs · Oct 18, 2023 · b386cca · b386cca
1 parent 2f5931a
commit b386cca
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/packages/server/package.json b/packages/server/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@satorijs/server",
   "description": "Basic API server for Satori protocol",
-  "version": "1.0.4",
+  "version": "2.1.0",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "exports": {

diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
@@ -22,13 +22,15 @@ export interface WebhookConfig {
 
 export interface Config {
   path?: string
+  token?: string
   api?: ApiConfig
   websocket?: WebSocketConfig
   webhook?: WebhookConfig
 }
 
 export const Config: Schema<Config> = Schema.object({
   path: Schema.string().default('/satori'),
+  token: Schema.string().experimental(),
   api: Schema.object({
     // enabled: Schema.boolean().default(true),
   }),
@@ -63,6 +65,13 @@ export function apply(ctx: Context, config: Config) {
       return koa.status = 404
     }
 
+    if (config.token) {
+      if (koa.request.headers.authorization !== `Bearer ${config.token}`) {
+        koa.body = 'invalid token'
+        return koa.status = 403
+      }
+    }
+
     const json = koa.request.body
     const selfId = koa.request.headers['x-self-id']
     const platform = koa.request.headers['x-platform']
@@ -121,6 +130,12 @@ export function apply(ctx: Context, config: Config) {
       }
 
       if (payload.op === Universal.Opcode.IDENTIFY) {
+        if (config.token) {
+          if (payload.body?.token !== config.token) {
+            return socket.close(4004, 'invalid token')
+          }
+        }
+
         client.authorized = true
         socket.send(JSON.stringify({
           op: Universal.Opcode.READY,