From f4ffb758e1520a30e472c0d621af76bbd3cac735 Mon Sep 17 00:00:00 2001
From: Nathan Lie
Date: Thu, 12 Dec 2024 13:14:17 -0800
Subject: [PATCH] feat: await signature verification, test improvements
---
 packages/backend/src/app.ts | 2 +-
 packages/backend/src/shared/utils.test.ts | 3 +++
 packages/backend/src/shared/utils.ts | 3 +--
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/backend/src/app.ts b/packages/backend/src/app.ts
index 93e47d352c..39cd7b7ba0 100644
--- a/packages/backend/src/app.ts
+++ b/packages/backend/src/app.ts
@@ -399,7 +399,7 @@ export class App {
 koa.use(
 async (ctx: TenantedHttpSigContext, next: Koa.Next): Promise => {
- if (!verifyTenantOrOperatorApiSignature(ctx, this.config)) {
+ if (!(await verifyTenantOrOperatorApiSignature(ctx, this.config))) {
 ctx.throw(401, 'Unauthorized')
 }
 return next()
diff --git a/packages/backend/src/shared/utils.test.ts b/packages/backend/src/shared/utils.test.ts
index fc9077feef..4b8d7b8ea7 100644
--- a/packages/backend/src/shared/utils.test.ts
+++ b/packages/backend/src/shared/utils.test.ts
@@ -441,8 +441,11 @@ describe('utils', (): void => {
 ctx.request.body = requestBody
+ const tenantService = await deps.use('tenantService')
+ const getSpy = jest.spyOn(tenantService, 'get')
 const result = await verifyTenantOrOperatorApiSignature(ctx, config)
 expect(result).toEqual(false)
+ expect(getSpy).toHaveBeenCalled()
 expect(ctx.tenant).toBeUndefined()
 expect(ctx.isOperator).toEqual(false)
 })
diff --git a/packages/backend/src/shared/utils.ts b/packages/backend/src/shared/utils.ts
index cc63458130..7288343e50 100644
--- a/packages/backend/src/shared/utils.ts
+++ b/packages/backend/src/shared/utils.ts
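Review bot: Nothing in this change keeps the un-awaited call from coming back at this call site. `verifyTenantOrOperatorApiSignature` is async, so the old `if (!verifyTenantOrOperatorApiSignature(ctx, this.config))` negated a Promise, which is always truthy, and the `ctx.throw(401, 'Unauthorized')` branch could never run. The only test touched by the commit calls the helper directly in utils.test.ts, so I would add a request-level test that sends an invalid signature through this middleware and expects a 401. Enabling `@typescript-eslint/no-misused-promises` (its `checksConditionals` option) would flag a Promise used as a condition at lint time. The enclosing `App` method starts and ends outside the hunk.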
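Review bot: `expect(getSpy).toHaveBeenCalled()` only shows that some tenant lookup happened. Using `toHaveBeenCalledWith(...)` with the tenant id this test sets up would pin that the `false` result comes from the intended lookup rather than an earlier exit. The spy is also not restored in the visible lines, so unless the suite restores mocks elsewhere (not visible here), add `getSpy.mockRestore()` at the end of the test or `jest.restoreAllMocks()` in an `afterEach`. The enclosing test case begins outside the hunk.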
@@ -198,8 +198,7 @@ export async function verifyTenantOrOperatorApiSignature(
 if (!tenant) return false
- if (!(await canApiSignatureBeProcessed(signature as string, ctx, config)))
- return false
+ if (!(await canApiSignatureBeProcessed(signature, ctx, config))) return false
 // First, try validating with the tenant api secret
 if (