#795 Send auth as Authorization header

alaneng-neu · alaneng-neu · commit 5c3d00cc21bf · 2024-02-26T15:31:54.000-05:00
diff --git a/.github/workflows/task-deadline-notifications.yml b/.github/workflows/task-deadline-notifications.yml
@@ -10,8 +10,5 @@ jobs:
     steps:
       - name: Send notifications
         run: |
-          curl -X POST https://api.finishlinebyner.com/tasks/sendTaskDeadlineSlackNotifications \
-          -H 'Content-Type: application/json' \
-          -d '{
-            "token": "${{ secrets.NOTIFICATION_ENDPOINT_SECRET }}"
-          }'
+          curl -X GET https://api.finishlinebyner.com/tasks/sendTaskDeadlineSlackNotifications \
+          -H 'Authorization: ${{ secrets.NOTIFICATION_ENDPOINT_SECRET }}'
diff --git a/src/backend/src/routes/tasks.routes.ts b/src/backend/src/routes/tasks.routes.ts
@@ -38,6 +38,6 @@ tasksRouter.post(
 
 tasksRouter.post('/:taskId/delete', TasksController.deleteTask);
 
-tasksRouter.post('/sendTaskDeadlineSlackNotifications', TasksController.sendTaskDeadlineSlackNotifications);
+tasksRouter.get('/sendTaskDeadlineSlackNotifications', TasksController.sendTaskDeadlineSlackNotifications);
 
 export default tasksRouter;
diff --git a/src/backend/src/utils/auth.utils.ts b/src/backend/src/utils/auth.utils.ts
@@ -35,12 +35,12 @@ export const requireJwtProd = (req: Request, res: Response, next: NextFunction)
   } else if (
     req.path === '/tasks/sendTaskDeadlineSlackNotifications' // task deadline notification endpoint
   ) {
-    const { secret } = req.body;
+    const { authorization } = req.headers;
     const { NOTIFICATION_ENDPOINT_SECRET } = process.env;
 
-    if (!secret) return res.status(401).json({ message: 'Authentication Failed: Secret not found!' });
+    if (!authorization) return res.status(401).json({ message: 'Authentication Failed: Secret not found!' });
 
-    if (secret !== NOTIFICATION_ENDPOINT_SECRET)
+    if (authorization !== NOTIFICATION_ENDPOINT_SECRET)
       return res.status(401).json({ message: 'Authentication Failed: Invalid secret!' });
 
     next();
@@ -70,6 +70,18 @@ export const requireJwtDev = (req: Request, res: Response, next: NextFunction) =
     req.method === 'OPTIONS' || // this is a pre-flight request and those don't send cookies
     req.path === '/users' // dev login needs the list of users to log in
   ) {
+    next();
+  } else if (
+    req.path === '/tasks/sendTaskDeadlineSlackNotifications' // task deadline notification endpoint
+  ) {
+    const { authorization } = req.headers;
+    const { NOTIFICATION_ENDPOINT_SECRET } = process.env;
+
+    if (!authorization) return res.status(401).json({ message: 'Authentication Failed: Secret not found!' });
+
+    if (authorization !== NOTIFICATION_ENDPOINT_SECRET)
+      return res.status(401).json({ message: 'Authentication Failed: Invalid secret!' });
+
     next();
   } else {
     const devUserId = req.headers.authorization;
