feat: implement bearer token validation for payer and invoice routes

Astrian Zheng 2025-01-12 11:33:20 +11:00
parent 1db3122579
commit ac53c3c6cf
Signed by: Astrian
SSH Key Fingerprint: SHA256:rVnhx3DAKjujCwWE13aDl7uV6+9U1MvydLkNRXJrBiA
3 changed files with 21 additions and 3 deletions


@ -41,7 +41,12 @@ app.use(route.get('/', (ctx) => {
}))
app.use(route.post('/payer', async (ctx) => {
// TODO: 请求头验证 bearer token
// 请求头验证 bearer token
const bearerToken = ctx.request.headers['authorization']?.split(' ')
if (!bearerToken) throw new HttpError(ErrorDescEnum.unauthorized, 401)
if (bearerToken[0] !== 'Bearer') throw new HttpError(ErrorDescEnum.unauthorized, 401)
if (!bearerToken[1]) throw new HttpError(ErrorDescEnum.unauthorized, 401)
await func.verifyBearerToken(bearerToken[1])
// 验证必填字段
// 字段缺失时
@ -75,7 +80,12 @@ app.use(route.post('/payer', async (ctx) => {
}))
app.use(route.post('/invoice', async (ctx) => {
// TODO: 请求头验证 bearer token
// 请求头验证 bearer token
const bearerToken = ctx.request.headers['authorization']?.split(' ')
if (!bearerToken) throw new HttpError(ErrorDescEnum.unauthorized, 401)
if (bearerToken[0] !== 'Bearer') throw new HttpError(ErrorDescEnum.unauthorized, 401)
if (!bearerToken[1]) throw new HttpError(ErrorDescEnum.unauthorized, 401)
await func.verifyBearerToken(bearerToken[1])
// 提取字段,并验证必填字段
if (!ctx.request.body) throw new HttpError(ErrorDescEnum.required_fields_missing, 400, ['payerId', 'period', 'items', 'dueDate'])
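Review bot: The header check is pasted verbatim into both the `/payer` and `/invoice` handlers, so authentication is opt-in per route and any handler added later is unauthenticated unless the block is copied again. Moving the four checks into one helper or middleware that runs before the protected routes would make the default fail-closed and keep the two copies from drifting. Separately, `bearerToken[0] !== 'Bearer'` is case-sensitive although HTTP authentication scheme names are case-insensitive; `if (bearerToken[0]?.toLowerCase() !== 'bearer') throw new HttpError(ErrorDescEnum.unauthorized, 401)` accepts `bearer` as well. Both handler bodies continue outside their hunks.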


@ -1,7 +1,9 @@
import createPayer from "./createPayer"
import issueInvoice from "./issueInvoice"
import verifyBearerToken from "./verifyBearerToken"
export default {
createPayer,
issueInvoice
issueInvoice,
verifyBearerToken
}


@ -0,0 +1,6 @@
import { ErrorDescEnum, HttpError } from "../classes/HttpError"
export default async (token: string) => {
const bearerToken = process.env.BEARER_TOKEN
if (!bearerToken) throw new HttpError(ErrorDescEnum.unauthorized, 401)
}
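Review bot: `verifyBearerToken` never reads its `token` argument: the visible body only checks that `process.env.BEARER_TOKEN` is set, so once the variable is configured any non-empty value after `Bearer ` passes the check on `/payer` and `/invoice`. The hunk header announces six lines and five are visible here, so confirm nothing was lost in rendering, but as shown the comparison is missing. Compare the presented token with the configured one in constant time, with `createHash` and `timingSafeEqual` imported from `node:crypto`, and throw the same 401 on mismatch. An unset `BEARER_TOKEN` is a server misconfiguration rather than a client error, so it is also worth failing at startup or logging it instead of only answering 401.

```typescript
  if (!bearerToken) throw new HttpError(ErrorDescEnum.unauthorized, 401)
  // Hash both values so timingSafeEqual always receives equal-length buffers.
  const expected = createHash("sha256").update(bearerToken).digest()
  const presented = createHash("sha256").update(token).digest()
  if (!timingSafeEqual(expected, presented)) throw new HttpError(ErrorDescEnum.unauthorized, 401)
```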